DESCRIPTION

INFORMATION PROCESSING DEVICE AND METHOD

BACKGROUND OF THE INVENTION

[0001] This invention relates to an information
processing method, an information processing device, an
information recording medium and a computer program. More 
particularly, it relates to an information processing 
method, an information processing device, an information 
recording medium and a computer program, which are 
configured so that keys necessary for recording and/or 
reproducing content data, such as a master key, a media key 
or a content key, are distributed or acquired, using a 
hierarchical key distribution system of a tree structure, 
and in which respective devices record or reproduce the 
content data using these keys. 
Background Art 

[0002] In keeping up with progress and development of
digital signal processing techniques, recording devices or
recording media for digitally recording the information, are 
finding widespread use. With the digital recording device or 
recording medium, since copying can be repeatedly made 
without degrading the sound or picture quality, recording 
media obtained on unauthorized duplication may be circulated 
on the market, thus impairing the benefit of the copyright 
owners or authorized distributors of various contents, such 
as music or motion pictures. Nowadays, various techniques or 
systems for preventing unauthorized duplication have been 
introduced in the digital recording devices or digital 
recording media in order to prohibit such unauthorized
duplication of digital data.

[0003] For example, in an MD (mini-disc), mini-disc and MD
being registered trademarks of Sony Corporation, an SCMS
(Serial Copy Management System) is used as a
method of prohibiting unauthorized duplication. The SCMS is 
such a system in which, on the data reproducing side, an 
SCMS signal is output along with audio data from a digital 
interface (DIF) and, on the receiving side, the recording of 
audio data from the reproducing side is controlled based on 
the SCMS signal from the reproducing side to prohibit the 
unauthorized duplication. 

[0004] Specifically, the SCMS signal is such a signal
indicating whether given audio data is copy-free data, for
which copying can be made any number of times, copy-once- 
allowed data, for which copying is allowed only once, or 
copy-prohibited data, for which copying is prohibited. On 
receipt of audio data from the DIF, the data recording side 
detects the SCMS signal, sent along with the audio data. If 
the SCMS signal is copy-free, the audio data is recorded,
along with the SCMS signals, on a mini-disc. If the SCMS
signal is copy-once-allowed, the SCMS signal is changed to 
copy-prohibited and is recorded along with the audio data on 
the mini-disc. If the SCMS signal is copy-prohibited, audio 
data is not recorded. By this control employing the SCMS, 
unauthorized duplication of audio data, protected by 
copyright, may be prevented from occurring. 

[0005] However, with the SCMS, it is unnecessary for the
data recording equipment itself to incorporate means for
controlling the recording of the audio data from the
reproducing side based on the SCMS signals, as described
above. Thus, a mini-disc type recorder that is not capable
of executing the SCMS control will be unable to prevent
illicit copying. In view of such limitation, the digital
video disc (DVD) player, for example, is configured for
prohibiting illicit copying of copyright-protected data by
exploiting a content scramble system.

[0006] In the content scramble system, video or audio
data are recorded encrypted in a DVD-ROM (Read Only Memory),
and a key used for decoding the encrypted data (decrypting
key) is provided to each licensed DVD player. Only DVD
players which are designed to comply with preset operational
regulations, such as not undertaking illicit copying, are
licensed. In such way, the licensed DVD player is able to
reproduce the pictures or speech recorded on the DVD-ROM by
decoding the encrypted data through use of the key.

[0007] On the other hand, an unlicensed DVD player, not
having a key for decoding the encrypted data, is unable to
decode the encrypted data recorded on the DVD-ROM. Thus,
with the content scramble system configuration, a DVD player
not meeting required conditions at the licensing time to be
accorded the license cannot reproduce the DVD-ROM having
digital data recorded thereon. In such way, unauthorized
duplication is prevented.

[0008] However, the content scramble system, used in the
DVD-ROM, is designed for a recording medium on which data
writing by the user is impossible (this sort of the
recording medium is incidentally referred to below as ROM
media), while no provision is made for a recording medium on
which data writing by the user is possible (this sort of the
recording medium is incidentally referred to below as RAM
(random access memory) media).

[0009] Thus, even if the data recorded on the ROM media is
encrypted, if the encrypted data is copied in its entirety
onto the RAM media, the result is a so-called pirated
edition which is reproducible on a licensed authorized
device.

[0010] The present Assignee proposed in our senior patent
application (Japanese Laying-Open Patent Publication
H-11-224461; JP Patent Application 10-25310) a configuration
in which the information for identification of individual
recording media, referred to below as medium identification
information, is recorded along with other data on a
recording medium in question to permit only the licensed
authentic device to access the medium identification
information of the recording medium.

[0011] With this method, data on the recording medium is
encrypted by the media identification information and a
secret key (master key), obtained on licensing, such that,
if an unlicensed device or equipment reads out the encrypted
data, no meaningful data can be produced. It is noted that
the device has its operation regulated at the time of
licensing so that illicit duplication (unauthorized copying)
is prohibited.

[0012] An unlicensed device cannot access the media
identification information, while the medium identification
information is of a value specific to each medium, so that,
if such unlicensed device duplicates the totality of the
encrypted data, recorded on the recording medium, on a new
recording medium, the data recorded on the so produced
recording medium cannot be decrypted correctly on a licensed
device, to say nothing of the unlicensed device, thus
effectively prohibiting the unauthorized duplication.

[0013] Meanwhile, in the above configuration, a master key
stored in a licensed device or equipment is usually common
to all devices or equipment. The reason a common master key
is stored in all the equipment is that this represents an
essential condition in order to make the media recorded on a
given equipment reproducible on other equipment, that is to
assure interoperability.

[0014] If, in such system, a hacker succeeds in obtaining
the master key from one of the licensed pieces of equipment
and distributes the master key, the encrypted recorded data
can be decrypted by all pieces of equipment in the entire
system, thus leading to breakdown of the entire system. In
order to prevent this from occurring, it is essential that,
if it is revealed that a given equipment has been attacked
and a master key has become known, the master key be changed
to a new one, which then is given to all pieces of equipment
except the equipment which has succumbed to the attack. As
the simplest system to realize this configuration, a key
unique to each equipment (device key) may be given to each
equipment and a value obtained on encrypting the new master
key with the individual device key may then be formed and
transmitted to each equipment through a recording medium.
However, in this case, the volume of the entire messages to
be transmitted is undesirably increased in proportion to the
number of the pieces of equipment.

[0015] As the configuration which possibly overcomes such
problem, the present Assignee has already proposed in
commonly owned co-pending patent application (JP Patent
Application 2000-105328) a configuration employing a key
distribution method having respective information recording
and/or reproducing devices arranged at respective leaves of
an n-branched tree, in which a key necessary for recording
the content data on a recording medium or reproduction from
the recording medium (master key or media key) is
distributed through a recording medium or over a
communication network. Each equipment then undertakes
recording or reproduction of the content data using the so
distributed master key or media key to enable the key to be
distributed to authorized equipment (equipment in which
secrecy is not disclosed), such that a lesser message volume
is needed. Specifically, a key needed to generate a key
required for recording on a recording medium or reproduction
from the recording medium is set as a renewal node key. Such
node key is allocated to each leaf or node of an n-branched
tree. The renewal node key is encrypted such that decryption
is possible only with a leaf key or a node key owned solely
by the authorized equipment, and the resulting encrypted
information is included in a key renewal block (KRB) which
is then distributed to each information recording and/or
reproducing piece of equipment. On receipt of the key
renewal block (KRB), each recording and/or reproducing piece
of equipment executes KRB decrypting processing to acquire
the key necessary for recording or reproduction on or from
the recording medium.

[0016] When the key distributing method is used in which
the information recording and/or reproducing equipment
pieces are arranged at the respective leaves of an
n-branched tree, for example, and when media keys allocated
to respective recording media are encrypted with the key
renewal block (KRB) and distributed in this form, each
recording and/or reproducing equipment has to carry out
media key calculations. This must be done using the key
renewal block (KRB) and the device key each time the
recording media are accessed. Since the volume of these
calculations is proportionate to the product of the time
needed to decrypt the individual encrypted messages and the
tree depth up to the leaves corresponding to the recording
and/or reproducing equipment, the processing overhead is
increased in the case of a large-sized system having a large
number of the devices.

[0017] Commonly owned Japanese Patent Application
2000-105329 discloses a configuration employing a key
distribution method having respective recording and/or
reproducing equipment arranged at respective leaves of an
n-branched tree, in which a content key is furnished through
a recording medium or over a communication network as a
cipher key necessary to record and/or reproduce the content
data on or from the recording medium. This configuration is
one in which the content data and a content key
corresponding to the encrypted content data are sent e.g.,
over a communication network, with the content key being
sent as encrypted data.

[0018] The encrypted content key is furnished using a key
renewal block (KRB) obtained on encrypting a node key
allocated to a node at each leaf of an n-branched tree set
as a renewal node key. The renewal node key can then be
decrypted with a leaf key or a node key owned solely by an
authorized equipment. By furnishing the content key
encrypted by the renewal node key, only the authorized
recording and/or reproducing device is able to acquire the
content key.

[0019] If the encrypted content key is furnished using the
key distribution method having the information recording
and/or reproducing devices arranged at the respective leaves
of the n-branched tree, each recording and/or reproducing
device has to process the KRB with the device key (leaf key)
to calculate the content key. This is performed each time
the content is used. For example, it is performed each time
the content is reproduced from the recording medium.

[0020] Since the volume of these calculations is
proportionate to the product of the time needed to decrypt
the individual encrypted messages and the depth of the tree
to the leaves of the tree which correspond to the recording
and/or reproducing equipment, the processing overhead is
increased in the case of a large-sized system having a large
number of the recording and/or reproducing devices.

SUMMARY OF THE INVENTION

[0021] For overcoming the above-mentioned problem, the 
present invention is aimed to provide a configuration 
employing a key distributing method including recording 
and/or reproducing equipment arranged at respective leaves 
of an n-branched tree, in which the processing of 
calculating the encrypted key or decrypting key based on the 
key renewal block (KRB) is omitted to enable the encrypted 
key or the decrypting key to be acquired in a short time. 
More specifically, the present invention is aimed to provide 
an information processing method, an information processing 
device, an information recording medium and a computer 
program, in which, after acquiring a media key of a 
recording medium on calculations, a given recording and/or 
reproducing device encrypts the so acquired media key using 
a cipher key unique to the recording and/or reproducing 
device, and stores the so encrypted media key, so that, when 
the recording medium is used next time, the media key can be 
calculated on decrypting the cryptotext only once, thereby 
enabling the content key as the encrypted key or the 
decrypting key to be acquired in a short time. 

[0022] The present invention is also aimed to provide a
configuration of providing a content key as an encrypted key
or the decrypting key employing a key distributing method
including recording and/or reproducing equipment arranged at
respective leaves of an n-branched tree, in which the 
processing of calculating the encrypted key or decrypting 
key based on the key renewal block (KRB) is omitted to 
enable the content key as the encrypted key or the 
decrypting key to be acquired in a short time. More 
specifically, the present invention is aimed to provide an 
information processing method, an information processing 
device, an information recording medium and a computer 
program, in which, after acquiring a content key for content 
stored in a recording medium on calculations, a given 
recording and/or reproducing device encrypts the so acquired 
content key using a cipher key unique to the recording 
and/or reproducing device, and stores the so encrypted 
content key, so that, when the recording medium is used next 
time, the content key can be calculated on decrypting the 
cryptotext only once, thereby enabling the content key as
the encrypted key or the decrypting key to be acquired in a 
short time. 

[0023] The present invention provides an information
processing device for processing encrypted data, including
storage means for holding a node key unique to each of a 
plurality of nodes forming a hierarchical tree structure 
having a plurality of such information processing devices, 
operating as leaves, and a leaf key unique to each of the 
information processing devices, and encryption processing 
means for executing encryption processing. The encryption 
processing means executes decryption processing of 
decrypting a key block formed as key storage data that can 
be decrypted using at least one of the node key and the leaf 
key held by the storage means to effect calculation 
processing of calculating a decrypting key used in 
decrypting the encrypted data. The encryption processing 
means also effects encrypting processing for encrypting the
calculated decrypting key using a key unique to the
processing device to store the encrypted decrypting key on a 
recording medium or in a storage area in the information 
processing device. 

[0024] The present invention also provides an information 
processing device for processing encrypted data, including 
storage means for holding a node key unique to each of a 
plurality of nodes forming a hierarchical tree structure 
having a plurality of such information processing devices, 
operating as leaves, and a leaf key unique to each of the 
information processing devices, and encryption processing 
means for executing encryption processing. The encryption 
processing means executes decryption processing of 
decrypting a key block formed as key storage data that can 
be decrypted using at least one of the node key and the leaf 
key held by the storage means to effect calculation 
processing of calculating a decrypting key used in 
decrypting the encrypted data. The encryption processing 
means stores the calculated decrypting key in a storage area 
in the information processing device in association with a 
generation number as the renewal information for the 
decrypting key. 

[0025] The present invention also provides an information
processing device for processing encrypted data, including
storage means for holding a node key unique to each of a 
plurality of nodes forming a hierarchical tree structure 
having a plurality of such information processing devices, 
operating as leaves, and a leaf key unique to each of the 
information processing devices, and encryption processing 
means for executing encryption processing. The encryption 
processing means executes decryption processing of 
decrypting a key block formed as key storage data that can 
be decrypted using at least one of the node key and the leaf 
key held by the storage means to effect calculation
processing of calculating a decrypting key used in
decrypting the encrypted data. The encryption processing 
means stores the calculated decrypting key in a storage area 
in the information processing device in association with the 
identification information used for discriminating the data 
decrypted using the decrypting key. 

[0026] The present invention also provides an information
processing device for processing encrypted data, including
storage means for holding a node key unique to each of a 
plurality of nodes forming a hierarchical tree structure 
having a plurality of such information processing devices, 
operating as leaves, and a leaf key unique to each of the
information processing devices, and decrypting processing 
means for executing decrypting processing. The decrypting 
processing means reads in a table stored in a recording area 
on a recording medium or in the information processing 
device to retrieve whether or not a decrypting key used for 
decrypting the encrypted data is stored therein. The 
decrypting processing means effects decrypting processing of 
the encrypted decrypting key stored on the recording medium 
or in the recording area in the information processing 
device in case of detection of the decrypting key to 
calculate the decrypting key used for decrypting the
encrypted data. The decrypting processing means effects 
decrypting processing of a key block formed by decryptable 
key storage data, in case of failure in detecting the 
decrypting key, using at least one of the node key and the 
leaf key held by the storage means, to calculate the 
decrypting key used in decrypting the encrypted data. 

[0027] The present invention also provides an information
processing method used in a plural number of information
processing devices for processing encrypted data, there 
being a node key unique to each node having a hierarchical 
tree structure having a plural number of such information
processing devices operating as leaves and a leaf key unique
to each information processing device. The present method 
decrypts a key block formed by key storage data decryptable 
using at least the node key or the leaf key held by each of 
the information processing devices to calculate the 
decrypting key used in decrypting the encrypted data to 
encrypt the so calculated decrypting key using the key 
unique to each information processing device to store the 
encrypted decrypting key in a recording medium or in a 
recording area in the information processing device. 

[0028] The present invention also provides an information
processing method used in a plural number of information
processing devices for processing encrypted data, there 
being a node key unique to each of a plurality of nodes 
forming a hierarchical tree structure having a plurality of 
such information processing devices operating as leaves, and 
a leaf key unique to each of the information processing 
devices, in which the method includes decrypting a key block 
formed as key storage data that can be decrypted using at 
least one of the node key and the leaf key held by the 
information processing device, calculating a decrypting key 
used for decrypting encrypted data and storing the 
calculated decrypting key in a storage area in the 
information processing device in association with a 
generation number as the renewal information of the 
decrypting key. 

[0029] The present invention also provides an information
processing method used in a plural number of information
processing devices for processing encrypted data, there 
being a node key unique to each of a plurality of nodes 
forming a hierarchical tree structure having a plurality of 
such information processing devices operating as leaves, and 
a leaf key unique to each of the information processing 
devices, in which the method includes decrypting a key block
formed as key storage data that can be decrypted using at
least one of the node key and the leaf key held by the 
information processing device, calculating a decrypting key 
used for decrypting encrypted data, and storing the
calculated decrypting key in a storage area in the 
information processing device in association with the 
identification information for discriminating the data 
decrypted using the decrypting key. 

[0030] The present invention also provides an information 
processing method used in a plural number of information 
processing devices for processing encrypted data, there 
being a node key unique to each of a plurality of nodes 
forming a hierarchical tree structure having a plurality of 
such information processing devices as leaves, and a leaf 
key unique to each of the information processing devices, in 
which the method includes reading in a table stored on a 
recording medium or in a storage area in an information 
processing device, retrieving whether or not there is stored 
a decrypting key used in decrypting the encrypted data and 
decrypting the encrypted decrypting key stored on the 
recording medium or in the recording area in the information
processing device, in case the decrypting key has been 
detected, to calculate a decrypting key used in decrypting 
the encrypted data, and decrypting, in case of failure in 
detecting the decrypting key, a key block formed by key 
storage data, decryptable using at least one of the node key 
and the leaf key held by the information processing device, 
to calculate the decrypting key used in decrypting the 
encrypted data.

[0031] The present invention also provides a computer
program executed on a plural number of information
processing devices for processing encrypted data, there 
being a node key unique to each of a plurality of nodes 
forming a hierarchical tree structure having a plurality of
such information processing devices operating as leaves, and
a leaf key unique to each of the information processing 
devices, in which the computer program includes decrypting a 
key block formed as key storage data that can be decrypted 
using at least one of the node key and the leaf key held by 
the storage means, calculating a decrypting key used in 
decrypting the encrypted data, encrypting the calculated
decrypting key using a key unique to the processing device, 
and storing the encrypted decrypting key on a recording 
medium or in a storage area in the information processing 
device.

[0032] The present invention also provides a computer
program executed on a plural number of information
processing devices for processing encrypted data, there 
being a node key unique to each of a plurality of nodes 
forming a hierarchical tree structure having a plurality of 
such information processing devices operating as leaves, and 
a leaf key unique to each of the information processing 
devices, in which the program includes decrypting a key 
block formed as key storage data that can be decrypted using 
at least one of the node key and the leaf key held by the 
information processing device, calculating a decrypting key 
used for decrypting encrypted data and storing the 
calculated decrypting key in a storage area in the 
information processing device in association with a 
generation number as the renewal information of the 
decrypting key. 

[0033] The present invention also provides a computer
program executed on a plural number of information
processing devices for processing encrypted data, there
being a node key unique to each of a plurality of nodes 
forming a hierarchical tree structure having a plurality of 
such information processing devices operating as leaves, and 
a leaf key unique to each of the information processing
devices, in which the computer program includes decrypting a
key block formed as key storage data that can be decrypted 
using at least one of the node key and the leaf key held by 
the information processing device, calculating a decrypting 
key used for decrypting encrypted data, and storing the 
calculated decrypting key in a storage area in the 
information processing device in association with the 
identification information for discriminating the data 
decrypted using the decrypting key. 

[0034] The present invention also provides a computer
program executed on a plural number of information
processing devices for processing encrypted data, there
being a node key unique to each of a plurality of
nodes forming a hierarchical tree structure having a 
plurality of such information processing devices, operating 
as leaves, and a leaf key unique to each of the information 
processing devices, in which the computer program includes 
reading in a table stored on a recording medium or in a 
storage area in an information processing device, retrieving 
whether or not there is stored a decrypting key used in
decrypting the encrypted data, decrypting the encrypted 
decrypting key stored on the recording medium or in the 
recording area in the information processing device, in case 
the decrypting key has been detected, to calculate a 
decrypting key used in decrypting the encrypted data, and 
decrypting, in case of failure in detecting the decrypting 
key, a key block formed by key storage data decryptable 
using at least one of the node key and the leaf key held by 
the information processing device, to calculate the 
decrypting key used in decrypting the encrypted data. 

[0035] The present invention also provides an information
recording medium in which the recorded information can be
read out by a plural number of information processing
devices wherein a decrypting key, that is a key used for
decrypting the encrypted data, is recorded as a key storage
table in association with the identification information of 
the information processing device. 

[0036] In the configuration of the present invention, the
volume of distributed messages required for key renewal is
suppressed by employing the hierarchical key distribution 
system of a tree structure. That is, the key distribution 
method of a configuration having respective equipment 
arranged at respective leaves of a n-branched tree is used. 
The keys necessary for recording content data on a recording 
medium or reproducing data from the recording medium (master 
key, media keys or content keys) are distributed via 
recording medium or over a communication network. Using 
these keys, the respective devices record or reproduce 
content data. By the key distribution system of the tree 
structure, the media key to be renewed is transmitted along 
with the key renewal block (KRB), with the recording and/or
reproducing device then calculating and acquiring the media 
key of the recording medium based on the received KRB to 
encrypt the acquired media key using a cipher key unique to 
the recording and/or reproducing device, such as a leaf key, 
to store the encrypted leaf key for storage in the recording 
medium or in the memory of the recording and/or reproducing 
device. Thus, when the recording medium is to be used next 
time, the recording and/or reproducing device is able to 
calculate the media key on decrypting the encrypted key only 
once to decrease the volume of the processing operations, 
such as KRB decrypting processing as needed for the 
recording and/or reproducing device to access the recording 
medium. 
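The KRB processing cost described in [0014] to [0016] and the cached media key described in [0036], as an added example that is not code from the patent. It assumes a binary tree with heap-numbered nodes (root is node 1), a simplified KRB layout, and an HMAC-SHA256 toy cipher standing in for the device cipher; all function names, the `disc-A` identifier and the random keys are constructed for illustration.

```python
import hashlib
import hmac
import os


def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def seal(key, plaintext):
    """Toy authenticated cipher (stand-in for the device cipher); plaintext <= 32 bytes."""
    nonce = os.urandom(16)
    stream = _sub(_sub(key, b"enc"), nonce)
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        return None  # wrong key or modified data
    return bytes(a ^ b for a, b in zip(ct, _sub(_sub(key, b"enc"), nonce)))


def make_krb(keys, revoked_leaf, media_key, generation):
    """Renew every node key on the revoked leaf's path; seal each new key for the
    sibling subtree (old key) and for the renewed child below it (new key)."""
    new, entries, child = {}, {}, revoked_leaf
    while child > 1:
        parent, sibling = child // 2, child ^ 1
        new[parent] = os.urandom(16)
        entries[(parent, sibling)] = seal(keys[sibling], new[parent])
        if child in new:  # never true for the revoked leaf itself
            entries[(parent, child)] = seal(new[child], new[parent])
        child = parent
    return {"generation": generation, "nodes": entries, "media": seal(new[1], media_key)}


class Device:
    def __init__(self, leaf, tree_keys):
        self.leaf = leaf
        self.keys = {}  # leaf key plus the node keys on the path to the root
        node = leaf
        while node >= 1:
            self.keys[node] = tree_keys[node]
            node //= 2
        self.cache = {}  # (media_id, generation) -> media key sealed under the leaf key
        self.decryptions = 0

    def _open(self, key, blob):
        self.decryptions += 1
        return unseal(key, blob)

    def _from_krb(self, krb):
        known, node = dict(self.keys), self.leaf
        while node > 1:  # one decryption per renewed ancestor: cost grows with depth
            blob = krb["nodes"].get((node // 2, node))
            if blob is not None:
                known[node // 2] = self._open(known[node], blob)
                if known[node // 2] is None:
                    return None  # revoked: no entry was sealed for this device
            node //= 2
        return self._open(known[1], krb["media"])

    def media_key(self, media_id, krb):
        slot = (media_id, krb["generation"])
        if slot in self.cache:  # later accesses: a single decryption
            return self._open(self.keys[self.leaf], self.cache[slot])
        key = self._from_krb(krb)
        if key is not None:
            self.cache[slot] = seal(self.keys[self.leaf], key)
        return key


def demo(depth=4, revoked_index=5):
    n = 2 ** depth
    tree_keys = {i: os.urandom(16) for i in range(1, 2 * n)}  # constructed sample keys
    devices = [Device(leaf, tree_keys) for leaf in range(n, 2 * n)]
    media_key = os.urandom(16)
    krb = make_krb(tree_keys, devices[revoked_index].leaf, media_key, generation=1)
    first = [d.media_key("disc-A", krb) for d in devices]
    cost_first = [d.decryptions for d in devices]
    second = [d.media_key("disc-A", krb) for d in devices]
    cost_second = [d.decryptions - c for d, c in zip(devices, cost_first)]
    return {"media_key": media_key, "first": first, "second": second,
            "cost_first": cost_first, "cost_second": cost_second,
            "krb_entries": len(krb["nodes"]) + 1, "per_device_messages": n - 1}


if __name__ == "__main__":
    r = demo()
    print("KRB entries:", r["krb_entries"], "vs per-device messages:", r["per_device_messages"])
    print("decryptions, first access:", r["cost_first"])
    print("decryptions, later access:", r["cost_second"])
```

Keying the cache on the KRB generation as well as the medium means a renewed key block forces a fresh KRB computation instead of reusing a stale cached key.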

[0037] Similarly, by the key distributing configuration
of the tree structure, the content key for encrypting the
content is transmitted along with the key renewal block
(KRB), with the recording and/or reproducing device then
acquiring the content key based on the received KRB and
encrypting the cipher key unique to the recording and/or
reproducing device, such as a leaf key, to store the
resulting encrypted key on a recording medium or in a memory
of the recording and/or reproducing device. So, when the
recording and/or reproducing device next reproduces and
exploits the content, the content key can be calculated on
decrypting the encrypted content key only once, thus
eliminating the necessity for the recording and/or
reproducing device to execute KRB decrypting processing each
time the content is used.

[0038] Meanwhile, the program furnishing medium according
to the present invention is a medium for furnishing a
computer program, in a computer readable form, to a
general-purpose computer system capable of executing a
variety of program codes. There is no particular limitation
to the configuration of the media, including recording
media, such as CD, FD or MO, or to the transmission medium,
such as networks.

[0039] The program furnishing medium gives a definition
of the relationship as to structural or functional
cooperation between the computer program and the furnishing
medium in implementing the functions of the preset computer
program on a computer system. Stated differently, by
installing the computer program on the computer system
through the furnishing medium, cooperative actions can be
realized on the computer system to realize the operations
and effect similar to the other aspects of the present
invention.

[0040] Other objects, features and advantages of the
present invention will become more apparent from reading the
embodiments of the present invention with reference to the
drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0041] Fig. 1 is a block diagram showing an illustrative
structure of an information recording and/or reproducing
device of the present invention.

[0042] Figs. 2A and 2B show data recording processing
flow of the information recording and/or reproducing device
of the present invention.

[0043] Figs. 3A and 3B show data reproduction processing
flow of the information recording and/or reproducing device
of the present invention.

[0044] Fig. 4 shows a tree structure for illustrating the
encryption processing for a key, such as a media key, for
the information recording and/or reproducing device of the
present invention.

[0045] Figs. 5A and 5B show an instance of a key renewal
block (KRB) used for distributing media keys to the
recording and/or reproducing device according to the present
invention.

[0046] Fig. 6 shows an instance of distribution and an
instance of decryption processing employing a key renewal
block (KRB) for a media key in the information recording
and/or reproducing device.

[0047] Fig. 7 is a block diagram for illustrating the
encryption processing in data recording processing employing
a media key in the recording and/or reproducing device
according to the present invention.

[0048] Fig. 8 illustrates the generation of a key unique
to a disc, usable in the information recording and/or
reproducing device according to the present invention.

[0049] Fig. 9 shows an instance of generating and
processing a key unique to a title, usable in the
information recording and/or reproducing device according to
the present invention.

[0050] Fig. 10 shows an instance of generating a block
key, usable in the information recording and/or reproducing
device according to the present invention.

[0051] Fig. 11 is a block diagram for illustrating the
decryption processing during data reproduction employing a
media key in the information recording and/or reproducing
device according to the present invention.

[0052] Fig. 12 shows instances of distribution,
decryption and key storage processing employing the key
renewal block (KRB) of the media key in the information
recording and/or reproducing device according to the present
invention.

[0053] Fig. 13 shows instances of distribution,
decryption and key storage processing flow (instance 1)
employing the key renewal block (KRB) of the media key in
the information recording and/or reproducing device
according to the present invention.

[0054] Fig. 14 shows instances of distribution,
decryption and key storage processing flow (instance 2)
employing the key renewal block (KRB) of the media key in
the information recording and/or reproducing device
according to the present invention.

[0055] Fig. 15 shows instances of distribution,
decryption and key storage processing employing the key
renewal block (KRB) of the media key in the information
recording and/or reproducing device according to the present
invention.

[0056] Fig. 16 shows instances of distribution,
decryption and key storage processing flow employing the key
renewal block (KRB) of the media key in the information
recording and/or reproducing device according to the present
invention.

[0057] Fig. 17 shows instances of distribution,
decryption and key storage processing employing the key
renewal block (KRB) of the media key in a modification of
the information recording and/or reproducing device
according to the present invention.

[0058] Fig. 18 shows a tree structure for illustrating
the encryption processing of a key, such as a content key,
for the information recording and/or reproducing device
according to the present invention.

[0059] Figs. 19A and 19B show an instance of a key
renewal block (KRB) used in distributing a key, such as
content key, for the information recording and/or
reproducing device according to the present invention.

[0060] Fig. 20 shows an illustrative data structure at
the time of furnishing content and a content key for the
information recording and/or reproducing device according to
the present invention.

[0061] Fig. 21 shows instances of distribution,
decryption and key storage processing employing a key
renewal block (KRB) of a content key in the information
recording and/or reproducing device.

[0062] Fig. 22 shows instances of distribution,
decryption and key storage processing employing a key
renewal block (KRB) of a content key in the information
recording and/or reproducing device according to the present
invention.

[0063] Fig. 23 shows instances of content decryption and
key storage processing flow (instance 1) employing a key
renewal block (KRB) of a content key in the information
recording and/or reproducing device according to the present
invention.

[0064] Fig. 24 shows instances of content decryption and
key storage processing flow employing a key renewal block
(KRB) of a content key in the information recording and/or
reproducing device according to the present invention.

[0065] Fig. 25 shows instances of content decryption and
key storage processing employing a key renewal block (KRB)
of a content key in the information recording and/or
reproducing device according to the present invention.

[0066] Fig. 26 shows instances of distribution,
decryption and key storage processing employing a key
renewal block (KRB) of a content key in the information
recording and/or reproducing device according to the present
invention.

[0067] Figs. 27A and 27B are flowcharts for illustrating
copying controlling processing in data recording processing
in the information recording and/or reproducing device
according to the present invention.

[0068] Figs. 28A and 28B are flowcharts for illustrating
the copying controlling processing in data reproduction
processing in the information recording and/or reproducing
device according to the present invention.

[0069] Fig. 29 is a block diagram showing a structure of
processing means in case data processing is executed by
software in the information recording and/or reproducing
device according to the present invention.

DETAILED DESCRIPTION

Referring to the drawings, the present invention is now
explained in detail.

[0070] Fig. 1 is a block diagram showing the structure of
an embodiment of a recording and/or reproducing device 100
according to the present invention. The recording and/or
reproducing device 100 includes an input/output I/F
(interface) 120, an MPEG (Moving Picture Experts Group)
codec 130, an input/output I/F (interface) 140 including
an analog to digital (A/D) and a digital to analog (D/A)
converter 141, encryption processing means 150, a ROM
(read-only memory) 160, a CPU (central processing unit) 170,
a memory 180 and a recording medium interface (I/F) 190 for
a recording medium 195. These units are interconnected over
a bus 110.

[0071] The input/output I/F 120 receives digital signals
forming various content, such as pictures, speech or
programs, supplied from outside the device 100, to output
the received signals over the bus 110. The input/output I/F
120 also receives digital signals over the bus 110 to output
the signals to outside of the device 100. The MPEG codec 130
MPEG decodes the MPEG-encoded data, supplied over the bus
110, to output the decoded data to the input/output I/F
140. The MPEG codec 130 also MPEG encodes digital signals
supplied from the input/output I/F 140 to output MPEG
encoded signals over the bus 110. The input/output I/F 140
receives analog signals, as content, supplied from outside,
and performs analog to digital conversion of the received
analog signals into digital signals, and outputs them to the
MPEG codec 130. The input/output I/F 140 also performs
digital to analog conversion of the digital signals received
from the MPEG codec 130 into analog signals using the
A/D-D/A converter 141. The analog signals are then output to
outside.

[0072] The encryption processing means 150 is formed by,
for example, a one-chip LSI (large scale integrated
circuit). The encryption processing means encrypts or
decrypts the digital signals, as content, supplied over the
bus 110, to output the resulting data again over the bus
110. Meanwhile, the encryption processing means 150 is not
limited to a one-chip LSI but may also be formed by various
software and hardware combined together. The configuration
as processing means by the software configuration will be
explained subsequently.

[0073] The ROM 160 stores a leaf key, as a device key
owned either by each of plural individual recording and/or
reproducing devices or by each of plural groups of recording
and/or reproducing devices. The ROM also stores a node key
as a device key co-owned by plural individual recording
and/or reproducing devices or by plural groups of recording
and/or reproducing devices. The CPU 170 executes programs
stored in a memory 180 to control the MPEG codec 130 and the
encryption processing means 150, for example. The memory
180 is, e.g., a nonvolatile memory for storing programs run
by the CPU 170 or for storing data required for operation of
the CPU 170. The recording medium I/F (interface) 190 drives
a recording medium 195 capable of recording and/or
reproducing digital data to read out or reproduce digital
data from the recording medium 195. The read-out digital
data is outputted over the bus 110. The recording medium
interface 190 also furnishes the digital data, provided over
the bus 110, to the recording medium 195 for recording
thereon. Meanwhile, the program and the device key may also
be stored in the ROM 160 and in the memory 180,
respectively.

[0074] A modem 200 connects to an external device over a
telephone network. For example, the modem 200 connects to a
server, such as Internet service provider (ISP) for
establishing a communication path with content distribution
servers on the Internet.

[0075] The recording medium 195 is a medium capable of
storing digital data, including optical discs, such as DVD
or compact disc (CD), magneto-optical disc, magnetic disc,
magnetic tape or a semiconductor memory, such as RAM. In the
present embodiment, the recording medium 195 is removable
with respect to the recording medium interface 190. The
recording medium 195 may also be enclosed in the recording
and/or reproducing device 100.

[0076] Referring to the flowcharts of Figs. 2A, 2B, 3A
and 3B, the data recording processing on the recording
medium and the data reproducing processing from the
recording medium, in the recording and/or reproducing device
of Fig. 1, are hereinafter explained. In recording the
content of digital signals from outside the device onto the
recording medium 195, the recording processing is performed
in accordance with the flowchart of Fig. 2A. That is, when
the content of digital signals (digital content) is sent,
e.g., over an IEEE (Institute of Electrical and Electronics
Engineers) 1394 serial bus to the input/output I/F 120, the
input/output I/F 120 at step S201 receives the digital
content, supplied thereto, to output the received digital
content over the bus 110 to the encryption processing means
150.

[0077] The encryption processing means 150 at step S202
executes the encryption processing on the digital content
received to output the resulting encrypted content over the
bus 110 to the recording medium interface 190. The encrypted
content is recorded via recording medium interface 190 on
the recording medium 195 (S203) to terminate the recording
processing.

[0078] As the standard for protection of digital content
in case of transmitting the digital content between
equipment interconnected over an IEEE 1394 serial bus,
5CDTCP (Five Company Digital Transmission Content
Protection), incidentally referred to as DTCP, is provided
by five companies including the present Assignee (SONY
Corporation). In this DTCP, when non-copy-free digital
content is transmitted between different devices, reciprocal
authentication is performed prior to data transmission to
check whether or not the copy control information can be
handled correctly. If the copy control information can be
handled correctly, the transmission side then encrypts the
digital content and sends the so encrypted content, with the
receiving side then decrypting the encrypted digital content
(encrypted content).

[0079] In data transmission and reception, based on the
DTCP standard, the input/output I/F 120 on the data receipt
side at step S201 receives the encrypted content over the
IEEE 1394 serial bus to decrypt the encrypted content in
accordance with the DTCP to output the resulting plaintext
content subsequently to the encryption processing means 150.

[0080] The encryption of the digital content by DTCP is
executed by generating a key changing with time and by
employing the so-generated key. The encrypted digital
content, inclusive of the key used for encryption, is
transmitted over the IEEE 1394 serial bus. The receipt side
decrypts the encrypted digital content, using the key
contained therein.

[0081] More correctly, according to DTCP, an initial
value of the key and a flag indicating the change timing of
the key used in encrypting the digital content is included
in the encrypted content. The receipt side modifies the
initial value of the key contained in the encrypted content
with a timing of a flag similarly contained in the encrypted
content to generate a key used for encryption to decrypt the
encrypted content. However, this may be thought to be
equivalent to the encrypted content containing a key for
decryption. Therefore, in the following, this understanding
is used. It should be noted that an information version of
the DTCP standard can be acquired by any person from the
DTLA (Digital Transmission Licensing Administrator).

[0082] The processing of recording the content of analog
signals arriving from outside the device 100 onto the
recording medium 195 is now explained with reference to the
flowchart of Fig. 2B. When the content of the analog signals
(analog content) is sent to the input/output I/F 140, the
input/output I/F 140 at step S221 receives the analog
content. The input/output I/F 140 then proceeds to S222 to
A/D convert the analog content using the included A/D-D/A
converter 141 into the form of digital signals (digital
content).

[0083] The digital content is sent to the MPEG codec 130.
At step S223, the digital content is MPEG encoded, that is
encoded using MPEG compression. The resulting encoded data
is sent over the bus 110 to the encryption processing means
150.

[0084] Subsequently, at steps S224 and S225, the
processing similar to that performed at steps S202 and S203
of Fig. 2A is performed. That is, the encryption processing
by the encryption processing means 150 is executed and the
resulting encrypted content is recorded on the recording
medium 195. The recording processing is then terminated.

[0085] The processing of reproducing the content recorded
on the recording medium 195 and outputting the reproduced
content as digital or analog content is explained with
reference to the flowcharts of Figs. 3A and 3B. The
processing of outputting the content as digital content to
outside is executed as the reproduction processing
conforming to the flowchart of Fig. 3A. That is, first, at
step S301, the encrypted content, recorded on the recording
medium 195, is read out by the recording medium interface
190, and output over the bus 110 to the encryption
processing means 150.

[0086] At step S302, the encryption processing means 150
decrypts the encrypted content, supplied from the recording
medium interface 190, and the resulting decrypted data is
sent over the bus 110 to the input/output I/F 120. At step
S303, the input/output I/F 120 outputs the digital content
to outside to terminate the reproduction

[0087] In outputting the digital content over the IEEE
1394 serial bus, the input/output I/F 120 at step S303
undertakes authentication with a counterpart device, in
accordance with the DTCP standard, as described above. The
input/output I/F 120 then encrypts and transmits the digital
content.

[0088] In reproducing the content recorded on the
recording medium 195 and outputting the reproduced content
as analog data to outside, the reproducing processing is
executed in accordance with the flowchart of Fig. 3B.

[0089] That is, at steps S321 and S322, the processing
similar to that in steps S301 and S302 is carried out,
whereby the decrypted digital content, obtained by the
encryption processing means 150, is sent over the bus 110 to
the MPEG codec 130.

[0090] The MPEG codec 130 at step S323 MPEG decodes, that
is expands, the digital content, to output the expanded
content to the input/output I/F 140. The input/output I/F
140 at step S324 D/A converts the digital content, MPEG
decoded by the MPEG codec 130, using the included A/D-D/A
converter 141, to form analog content. The MPEG codec then
proceeds to step S325 where the input/output I/F 140 outputs
the analog content to outside the device 100 to terminate
the reproduction processing.

[0091] A configuration for distributing keys, for
example, a master key or a media key, to respective
equipment will now be explained, the keys being necessary
for the recording and/or reproducing device of Fig. 1 to
record or reproduce data on or from the recording medium.
The master key is a common key in the present system, held
by all of the recording and reproducing devices in common
and recorded in the devices at the time of manufacture. The
media key belongs to each recording medium and is recorded
in the recording medium at the time that the medium is
manufactured. Ideally, the media key differs from one
recording medium to another. However, from the constraint
associated with the manufacturing process of the recording
medium, more realistically, the media key varies from one
group made up of plural recording media to another. For
example, the media key may be changed from one lot
corresponding to a production lot of recording media as one
group to another. The following description is centered
about an instance of renewing these keys. However, the
present invention may also be applied for distributing or
recording these keys to or on a device not having a master
key recorded or on a recording medium on which a media key
is not recorded.

[0092] Fig. 4 shows a key distribution configuration in a
recording and/or reproducing device in a recording system
employing the present system. The numbers 0 to 15 shown in
the bottom row of Fig. 4 indicate respective recording
and/or reproducing devices. That is, the respective
recording and/or reproducing devices correspond to the
respective leaves of the tree structure shown in Fig. 4.

[0093] The respective devices 0 to 15 at the time of
manufacture and shipment include keys (node keys) stored
therein, the node keys being assigned to nodes from own
leaves to the root in a predetermined initial tree, and leaf
keys of the respective keys. Keys K0000 to K1111, shown at
the bottom of Fig. 4, represent leaf keys assigned to the
respective devices 0 to 15. The top key KR and all the keys
entered in nodes between the top key and the leaf keys, i.e.
all keys from key KR to the keys K000 to K111, are node
keys.

[0094] In the tree structure shown in Fig. 4, the device
0, for example, owns the leaf key K0000 and node keys K000,
K00, K0 and KR. The device 5 owns leaf key K0101, and node
keys K010, K01, K0 and KR, while the device 15 owns leaf key
K1111, and node keys K111, K11, K1 and KR. Although only 16
devices numbered 0 to 15 are indicated in the tree
structure of Fig. 4, more devices may be entered in a tree.
Moreover, while the tree configuration has a well-balanced
left-right symmetrical structure in four rows, the number of
rows in the tree structure may differ from that shown
therein.

[0095] The recording and/or reproducing devices included
in the tree structure of Fig. 4 may be of different types
employing a variety of recording media, such as DVD, CD, MD
or Memory Stick (registered trademark of Sony Corporation).
Moreover, it may be assumed that a variety of application
services co-exist. The key distribution configuration shown
in Fig. 4 is applied to this presupposed configuration of
different co-existing applications.

[0096] In a system where these different types of devices
and applications co-exist, the portion surrounded by a
dotted line in Fig. 4, that is devices 0 to 3, is set as a
group employing the same recording medium. For the devices
belonging to this group indicated by the dotted line,
certain processing operations may be performed
simultaneously, such as encrypting common content to be
forwarded from a provider, forwarding a master key used in
common, or outputting payment data such as a content fee in
a similarly encrypted form to a provider or to a settlement
organization. The organization responsible for data
transmission and reception to or from respective devices,
such as the content providers or settlement organizations,
processes forwarding data in a lumped form, with the portion
surrounded by a dotted line in Fig. 4, that is the devices 0
to 3, as a group. A plurality of such groups exist in the
tree structure of Fig. 4.

[0097] It should be noted that the node and leaf keys may
be supervised in a centralized fashion by a sole key
management center, or on the group basis by the providers or
settlement organizations transmitting or receiving a variety
of data to or from the respective groups. In the event the
security of a key is compromised, i.e., the key becomes
known, the node or leaf keys are renewed by the key
management center, provider or by the settlement
organizations.

[0098] As may be seen from Fig. 4, the four devices 0 to
3 of one group own common keys K00, K0 and KR as node keys.
By exploiting this node key co-owning configuration, it
becomes possible to furnish a common master key only to the
devices 0 to 3, for example. Thus, if the co-owned node key
K00 itself is set as a master key, a common master key can
be set only for the devices 0 to 3 without executing new key
forwarding operations. Moreover, if a value Enc(K00,
Kmaster), obtained on encrypting a new master key Kmaster
with the node key K00, is distributed over the network, or
as it is stored on a recording medium, only the devices 0 to
3 are able to decrypt the cipher Enc(K00, Kmaster) to obtain
the master key Kmaster. Meanwhile, Enc(Ka, Kb) indicates
data obtained on encrypting a key Kb with a key Ka.

[0099] If it is revealed at a certain time point t that
the keys owned by the device 3, that is K0011, K001, K00, K0
and KR, have become known, for example, through the efforts
of a hacker, the device 3 subsequently needs to be separated
from the system in order to protect data transmitted or
received in the system, i.e., the group of the devices 0 to
3. To this end, the node keys K001, K00, K0 and KR must be
renewed to new keys K(t)001, K(t)00, K(t)0 and K(t)R,
respectively, while these renewed keys must be transmitted
to the devices 0, 1 and 2. Herein, the notation K(t)aaa
denotes a renewed key for Kaaa with a generation time t.

[0100] The processing of distributing a renewal key is
now explained. The renewal of a key is executed by storing a
table formed by block data known as a key renewal block
(KRB) (shown for example in Fig. 5A) in a network or in a
recording medium and sending the table to the devices 0 to
2.

[0101] The key renewal block (KRB), shown in Fig. 5A, is
formed as block data having a data structure in which
renewal is possible only for the devices in need of renewal
of node keys. The block data shown in Figs. 5A and 5B are
formed with a view to distributing a renewal node key at a
time of generation t to the devices 0, 1 and 2 of the tree
structure shown in Fig. 4. As may be seen from Fig. 4, the
devices 0 and 1 are in need of K(t)00, K(t)0 and K(t)R as
renewal node keys. On the other hand, device 2 is in need of
K(t)001, K(t)00, K(t)0 and K(t)R as renewal node keys.

[0102] As shown in the KRB of Fig. 5A, a plurality of
encrypted keys are contained in the KRB. The encrypted
key at the bottom row is Enc(K0010, K(t)001). This is a
renewal node key K(t)001, encrypted by the leaf key K0010,
owned by the device 2, so that the device 2 is able to
decrypt the encrypted key by the device's own leaf key to
obtain K(t)001. Moreover, using K(t)001, obtained on
decryption, the encrypted keys Enc(K(t)001, K(t)00) in the
second row from the bottom of Fig. 5A can be decrypted to
yield the renewed node key K(t)00. In a similar sequence of
operations, the encrypted keys Enc(K(t)00, K(t)0) in the
second row from top of Fig. 5A can be decrypted to give a
renewed node key K(t)0, whilst the encrypted keys
Enc(K(t)0, K(t)R) in the first row from top of Fig. 5A can
be decrypted to give K(t)R. As for the devices 0 and 1, the
node key K000 is not to be renewed. It is only K(t)00, K(t)0
and K(t)R that are needed as renewal node keys. As for the
devices 0 and 1, the encrypted keys Enc(K000, K(t)00) in the
third row from the top of Fig. 5A are decrypted to obtain
K(t)00. Similarly, the encrypted keys Enc(K(t)00, K(t)0) in
the second row from top of Fig. 5A are decoded to give a
renewal node key K(t)0 and the encrypted keys Enc(K(t)0,
K(t)R) in the first row from top of Fig. 5A are decrypted to
give K(t)R. In this manner, the devices 0 to 2 are able to
acquire the renewed keys K(t)R. Meanwhile, indices in
Fig. 5A denote absolute addresses of the node and leaf keys
used as decoding keys.

[0103] If renewal of the node keys K(t)0 and K(t)R in the
topmost row of the tree structure shown in Fig. 4 is
unneeded, while only the renewal of the node key K00 is
needed, the key renewal block (KRB) of Fig. 5B may be used
to distribute the renewal node key K(t)00 to the devices 0
to 2.

[0104] The KRB shown in Fig. 5B may be used in case a new
master key to be co-owned by e.g., a specified group or a
media key unique to a recording medium is to be distributed.
As a specified instance, it is assumed that the devices 0 to
3 in the group shown by a dotted line in Fig. 4 are using a
certain recording medium, and that a new common master key
K(t)master is needed. At this time, data Enc(K(t)00,
K(t)master), obtained on encrypting a new common renewed
master key K(t)master, using K(t)00, which is a renewed node
key K00 common to the devices 0 to 3, is distributed along
with the KRB shown in Fig. 5B. By this distribution,
distribution as data not decrypted by an equipment of the
other group, such as device 4, becomes possible. The same
may be said of the media key.

[0105] That is, the devices 0 to 3 are able to decrypt
the aforementioned cryptotext, using K(t)00 obtained on
processing KRB to obtain the master key K(t)master or the
media key K(t)media at a time point t.

[0106] Fig. 6 shows, as a processing instance of
obtaining the media key K(t)media at a time point t as
proposed in a senior patent application of the present
Assignee (JP Patent Application 2000-105328), the processing
of the device 2 which has received, through the recording
medium, data Enc(K(t)00, K(t)media) which has encrypted the
new common media key K(t)media using K(t)00, and the KRB
shown in Fig. 5B.

[0107] It is assumed that, as shown in Fig. 4, the four
devices 0 to 3 encircled in a dotted line are included in a
certain recording and/or reproducing system. Fig. 6 shows
the processing in finding the media key needed for the
recording and/or reproducing device (device 2) to encrypt or
decrypt the content on the recording medium in case the
device 3 is revoked and the media key assigned from one
recording medium to another is used, with the aid of a key
renewal block (KRB) and a device key memorized by the
recording and/or reproducing device.

[0108] In a memory of the device 2, there are safely
stored the leaf key K0010, assigned only to itself, and node
keys K001, K00, K0 and KR of the respective nodes 001, 00, 0
and R from the leaf key up to the root of the tree. The
device 2 has to decrypt the cryptotext with the index of
0010, in the KRB stored in the recording medium of Fig. 6,
with an own leaf key K0010, to calculate the node key
K(t)001 of the node 001, to decrypt the cryptotext with the
index 001, using the so calculated node key, to calculate
the node key K(t)00 of the node 00, and finally to decrypt
the cryptotext with the index of 001, using the so
calculated node key, to calculate the media key K(t)media.
The number of times of calculations is increased as the
depth from the leaf to the node for encrypting the media key
is increased. That is, voluminous calculations are needed in
a large system where there exist a large number of recording
and/or reproducing devices. The data encryption and
decryption processing modes employing the so calculated and
acquired media key are hereinafter explained.

[0109] Referring to the processing block diagram of Fig.
7, an example will be explained of the data encryption
processing executed by the encryption processing means 150,
and the recording and/or reproducing processing for a
recording medium.

[0110] The recording and/or reproducing device 700
acquires the media key by the calculating processing based
on the own KRB described above.

[0111] The recording and/or reproducing device 700 checks
whether or not a disc ID has already been recorded as
identification information on a recording medium 702 such as
an optical disc, for example. If the disc ID has already
been recorded, the disc ID is read out. If otherwise, a disc
ID 1701 is generated, for example, by a random number
generation method selected at random or predetermined at the
encryption processing means 150. The disc ID 1701 so
generated is recorded on the disc. Since only one disc ID
suffices for the disc, it may be stored in a lead-in area,
for example.

[0112] The recording and/or reproducing device 700 then
generates a unique key for the disc, referred to herein as a
"disc unique key", using the media key 701 and the disc ID.
As a specified method for generating the disc unique key, a
method according to an instance 1, employing the results
obtained on inputting the media key and the disc ID to a
hash function employing a block cipher function, is shown in
Fig. 8. Alternatively, in the method according to an
instance 2, only a needed data length from a 160-bit output,
obtained on inputting data generated on bit concatenation of
the media key and the disc ID to the hash function SHA-1, as
defined in FIPS (Federal Information Processing Standards
Publications) 180-1, is employed as a disc unique key.

[0113] Then, a title key, as a recording specific key, is
generated in the encryption processing means 150 (see Fig.
1) at random or by a predetermined method, such as a random
number generation, to record the so generated title key on
the disc 702.

[0114] From a combination of the disc unique key, title
key and the device ID or a combination of the disc unique
key, title key and the device unique key, a title key unique
to the disc is generated. Such title key is hereinafter
referred to as a "title unique key".

[0115] For generating the title unique key, there may be
used the method of instance 1 of employing the results
obtained on inputting the title key and the disc unique key,
the device ID (in case of not limiting the reproducing
equipment) or the device unique key (in case of limiting the
reproducing key) to the hash function employing the block
cipher function, as shown in Fig. 9, or the method of the
instance 2 employing, as the title unique key, only a needed
data length from a 160-bit output obtained on inputting data
generated on bit concatenation of the media key, disc ID and
the device ID (in case of not limiting the reproducing
equipment) or the device unique key (in case of limiting the
reproducing key) to the hash function SHA-1, as defined in
FIPS 180-1. Meanwhile, limitation of the reproducing
equipment means rendering reproduction of content data
stored in the recording medium possible only in a specified
reproducing device.

[0116] In the foregoing explanation, the disc unique key
is generated from the media key and the disc ID, and the
title unique key is generated from the disc unique key,
title key and the device ID or from the title key and the
device unique key. Alternatively, the title unique key may
be generated directly from the media key, disc ID, title key
and the device ID or device unique key, without using the
disc unique key. Still alternatively, a key equivalent to
the title unique key may be generated from the media key,
disc ID and the device ID or the device unique ID, without
using the title key.

[0117] Referring again to Fig. 7, subsequent processing
will be described. A block key for encrypting block data now
is generated from a block seed, corresponding to the first
through fourth bytes of the block data input as data for
encryption, and from the previously generated title unique
key.

[0118] Fig. 10 shows instances of generating the block
key. Fig. 10 shows two instances of generating a 64-bit
block key from a 32-bit block seed and a 64-bit title unique
key.

[0119] In the instance 1, shown at the top of Fig. 10, a
64-bit cipher function is used in which the key length is 64
bits at each of an input and an output. The block seed and a
32-bit constant, concatenated together, are input and
encrypted to form a block key, using the title unique key as
a key for the cipher function.

[0120] The instance 2 uses the hash function SHA-1 of
FIPS 180-1. The title unique key and the block seed are
concatenated together and input to the SHA-1. A 160-bit
output thereof is contracted to 64 bits for use as the block
key, such as by retaining only the lower 64 bits thereof.

[0121] In the foregoing, the instance of generating the
disc unique key, title unique key and the block key has been
explained. Alternatively, the block key may be generated
using the media key, disc ID, title key, block seed and the
device ID. In another alternative, the device unique key may
be used from block to block to generate the block key,
without generating the disc unique key or the title unique
key.

[0122] When the block key is generated, block data are
encrypted using the so generated block key. As shown in the
bottom part of Fig. 7, the first through mth bytes of the
block data including the block seed, where m is eight for
example, are separated by the selector 1608 without being
encrypted. The (m+1)th data byte and the data which follow,
up to the trailing data, are encrypted. Meanwhile, the first
through fourth bytes, as the block seed, are included in the
non-encrypted m bytes. The block data from the (m+1)th byte
and following are separated by the selector 1608, and
encrypted in accordance with the encryption algorithm preset
on the encryption processing means 150. As the encryption
algorithm, the DES (data encryption standard) provided for
in, for example, FIPS 46-2, may be used.

[0123] By the above processing, the content is encrypted,
on a block basis, by a block key generated based on the
generation-managed media key or block seed, for storing on
the recording medium.
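
The key ladder of instance 2 and the selector split of [0122], as an added Python example that is not part of the specification. The concatenation order, the 8-byte length of the disc and title unique keys, reading "lower 64 bits" as the trailing digest bytes, and all sample values are assumptions; the DES step itself is left out.

```python
import hashlib


def sha1_low_bytes(data: bytes, nbytes: int = 8) -> bytes:
    """Instance 2: SHA-1 (FIPS 180-1) output contracted to the needed length.

    The text names "the lower 64 bits" for the block key. Using the trailing
    bytes of the digest, and doing so for every key, is an assumption here.
    """
    if not 0 < nbytes <= 20:
        raise ValueError("SHA-1 yields at most 20 bytes")
    return hashlib.sha1(data).digest()[-nbytes:]


def disc_unique_key(media_key: bytes, disc_id: bytes) -> bytes:
    # Media key (from KRB processing) concatenated with the disc ID.
    return sha1_low_bytes(media_key + disc_id)


def title_unique_key(disc_unique: bytes, title_key: bytes, binding: bytes) -> bytes:
    # binding is the device ID (playback not limited to one device) or the
    # device unique key (playback limited to the recording device).
    return sha1_low_bytes(disc_unique + title_key + binding)


def block_key(title_unique: bytes, block_seed: bytes) -> bytes:
    if len(block_seed) != 4:
        raise ValueError("the block seed is 32 bits")
    return sha1_low_bytes(title_unique + block_seed)


def split_block(block: bytes, m: int = 8):
    """Selector step: the first m bytes, which include the 4-byte block seed,
    stay unencrypted; only the bytes after them go to the cipher."""
    if m < 4 or len(block) <= m:
        raise ValueError("block must be longer than m, and m must cover the seed")
    return block[:4], block[:m], block[m:]


def keys_for_block(media_key, disc_id, title_key, binding, block, m=8):
    """Run the whole ladder for one block and return what the cipher needs."""
    seed, clear, payload = split_block(block, m)
    duk = disc_unique_key(media_key, disc_id)
    tuk = title_unique_key(duk, title_key, binding)
    return {"clear": clear, "payload": payload, "block_key": block_key(tuk, seed)}


if __name__ == "__main__":
    # Constructed sample values.
    media_key = bytes(range(8))
    disc_id = b"DISC-ID-0001"
    title_key = b"\x11" * 8
    block = bytes.fromhex("00000001") + b"hdr!" + b"content bytes to encrypt"
    for binding in (b"device-A-unique", b"device-B-unique"):
        out = keys_for_block(media_key, disc_id, title_key, binding, block)
        print(binding.decode(), out["block_key"].hex(), out["clear"].hex())
```

With the device unique key as the binding, a second device that reads the same disc, title key and block seed derives a different block key, which is the playback limitation described in [0115].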

[0124] Fig. 11 is a block diagram showing the processing
of decrypting encrypted content data stored in the recording
medium and of reproducing the thus decrypted data.

[0125] In the reproducing processing, as in the
encryption and recording processing explained with reference
to Figs. 7 to 10, a disc unique key is generated from the
media key and the disc ID, a title unique key is generated
from the disc unique key and the title key, and the block
key is generated from the title key and the block seed as
read out from the recording medium. The block-based
encrypted data, read out from the recording medium 702, is
decrypted, using the block key as the decrypting key.

[0126] In the above-described encryption processing used
in recording content data on a recording medium and in the
above-described decryption processing used in reproducing
the content data from the recording medium, a media key is
calculated based on the KRB. The key for encrypting or
decrypting the content is then generated based on the so
calculated media key or other identifiers.

[0127] As described above, an embodiment has been
described for generating a key used for encrypting or
decrypting the content data from a media key. Alternatively,
the key used for encrypting and decrypting the content key
may also be generated not based on the media key but instead
based on a master key which is common to a plurality of
recording and/or reproducing devices or a device key unique
to the recording and/or reproducing device, acquired from
the KRB. The media key, master key or the device key per se,
as acquired from the KRB, may also be applied as keys used
for encrypting and decrypting the content data.

[0128] In these configurations, the device is requested
to calculate the encrypted key required for encrypting or
decrypting data, or to calculate data for generating the
encrypted key needed for encrypting or decrypting data, by a
plurality of decrypting processing operations, during
operations of recording or reproducing data, based on the
KRB stored in the recording medium of Fig. 6. The number of
the calculations needed for this KRB processing increases
with increasing depth from the leaf to the node for which
the media key is encrypted. That is, the volume of
calculations is increased for a system including a large
number of recording and/or reproducing devices.

[0129] Fig. 12 shows an arrangement for handling the
media key of the recording and/or reproducing device
designed for facilitating these processing operations,
according to the present invention. In this arrangement,
processing is similar to that of Fig. 6 up to the type of
calculations performed by the recording and/or reproducing
device on the media key from the KRB stored in a recording
medium. In this arrangement, the media key is encrypted
using a key known only to the device in question, or a key
unique to the recording and/or reproducing device, such as a
leaf key assigned only to the device in question in the tree
structure, and is recorded in an area provided at the outset
in a recording medium, along with the identification
information of the recording and/or reproducing device, such
as, for example, the leaf number assigned to the recording
and/or reproducing device. The device 12 of Fig. 12 encrypts
the media key K(t)media acquired by KRB processing with its
own leaf key K0010 and then stores the encrypted media key
K(t)media in the recording medium.

[0130] In this manner, when the media key acquired
through several stages of decryption processing of the KRB
is again used, it can be acquired by simple decryption
processing, without newly executing several stages of
decryption processing as originally performed. That is, if
the same recording and/or reproducing device accesses this
recording medium a second time, a third time and so on, that
device can obtain the media key by decrypting the cryptotext
stored in the media key storage table using its own unique
key, without having to execute voluminous calculations using
the KRB. Moreover, since the encrypted media key stored in
the recording device can be decrypted using only the leaf
key that is unique to that device 2, the encrypted media key
cannot be acquired by a different recording and/or
reproducing device through decryption processing when the
recording medium is loaded on such different device.

[0131] Fig. 13 is a flow diagram illustrating a method
for acquiring the media key when the recording and/or
reproducing device accesses a recording medium, that is when
the recording medium is loaded on the recording and/or
reproducing device. Processing in accordance with Fig. 13 is
now explained.

[0132] At step S1301, the recording and/or reproducing
device reads out a media key storage table recorded on the
recording medium. At step S1302, the recording and/or
reproducing device checks the index part of the media key
storage table to inspect whether or not there is a leaf
number assigned to the medium, that is, whether or not the
media key storage table contains encrypted data, referred to
herein as "cryptotext". If there is no such data, the
recording and/or reproducing device proceeds to S1303.
Otherwise, the device proceeds to step S1309.

[0133] At step S1303, the recording and/or reproducing
device reads out the KRB (key renewal block) from the
recording medium. At step S1304, the recording and/or
reproducing device calculates the key K(t)00 of the node 00
at the KRB of the identification number: generation (t in
Fig. 7), using the KRB read out at step S1303, the leaf key
it has stored in the memory (K0010 in the device 2 of Fig.
4) and the node keys (K001, K00, ... in the device 2 of Fig.
4).

[0134] At step S1305, a value corresponding to an
encrypted representation of the media key K(t)media, that is
Enc(K(t)00, K(t)media) encrypted using K(t)00, is read out
from the recording medium.

[0135] At step S1306, this cryptotext is decoded, using
K(t)00, to calculate K(t)media. The thus calculated media
key is used for encryption and decryption in recording
and/or reproducing data for the recording medium.

[0136] At step S1307, the media key K(t)media is
encrypted, using the leaf key which only the device in
question owns (K0010 of device 2 of Fig. 4), that is, which
is unique to device 2.

[0137] At step S1308, the cryptotext prepared at step
S1307 and the number of the leaf key (leaf number) 0010, as
identification information identifying the device, are
recorded on the media key storage table of the recording
medium to terminate the processing.

[0138] If, at step S1302, the cryptotext stored in the
recording and/or reproducing device itself is found in the
media key storage table of the recording medium, the device
moves to step S1309 to read out the cryptotext from the
recording medium.

[0139] At step S1310, the device decrypts the cryptotext
using its own leaf key to thereby acquire the media key for
the recording medium. This media key is used for encryption
and decryption at the time of recording and reproduction of
data to or from the recording medium.

[0140] In the above processing, the processing of steps
S1307 and S1308 may be executed only when a set of the
indexes and the cryptotext can be newly written in the media
key storage table, as shown in Fig. 14.

[0141] In Fig. 14, the steps S1301 to S1306 and S1307 to
S1310 are similar to those in Fig. 13 and hence need not be
described again in detail.

[0142] At step S1401, the recording and/or reproducing
device verifies whether or not there is any space left for
it to record a key in the media storage table. If there is
any space left, the program moves to step S1307 and the
cryptotext is recorded in the table at step S1308. If there
is no space, the processing according to steps S1307 and
S1308 is skipped and processing then terminates.
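
The media key acquisition flow of Figs. 13 and 14, together with the KRB walk described in [0108], as an added Python example that is not part of the specification. The cipher is a labelled stand-in (hash keystream plus a short tag), the keys and the three-entry KRB are constructed from the description, and the names Device, make_medium and the dictionary fields are hypothetical.

```python
import hashlib
import hmac


# Stand-in cipher (assumption): XOR with a SHA-256 counter keystream plus a
# truncated HMAC tag so that a wrong key is detected. Not DES, not for real use.
def _stream(key, n):
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def enc(key, data):
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, len(data))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()[:8]


def dec(key, blob):
    ct, tag = blob[:-8], blob[-8:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()[:8]):
        raise ValueError("cryptotext does not decrypt under this key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct))))


def key_for(label, node):
    # Constructed sample keys, derived from a label so the example is repeatable.
    return hashlib.sha256(f"{label}:{node}".encode()).digest()[:16]


def path_to_root(leaf):
    # "0010" -> ["0010", "001", "00", "0", "R"]
    return [leaf[:i] for i in range(len(leaf), 0, -1)] + ["R"]


class Device:
    def __init__(self, leaf):
        self.leaf = leaf
        self.keys = {n: key_for("old", n) for n in path_to_root(leaf)}
        self.decrypt_ops = 0

    def _dec(self, key, blob):
        self.decrypt_ops += 1
        return dec(key, blob)

    def process_krb(self, krb):
        """Walk from the leaf towards the root. Each KRB entry is indexed by the
        node whose key decrypts it and yields the renewed key of its parent."""
        renewed = {}
        path = path_to_root(self.leaf)
        for node, parent in zip(path, path[1:]):
            if node in krb:
                key = renewed.get(node, self.keys[node])
                renewed[parent] = self._dec(key, krb[node])
        return renewed

    def acquire_media_key(self, medium):
        table = medium["media_key_table"]          # S1301: leaf number -> cryptotext
        if self.leaf in table:                     # S1302 -> S1309, S1310
            return self._dec(self.keys[self.leaf], table[self.leaf])
        renewed = self.process_krb(medium["krb"])  # S1303, S1304
        if "00" not in renewed:
            raise ValueError("KRB gives this device no K(t)00")
        media_key = self._dec(renewed["00"], medium["enc_media_key"])  # S1305, S1306
        if len(table) < medium["table_capacity"]:  # S1401 (Fig. 14)
            table[self.leaf] = enc(self.keys[self.leaf], media_key)    # S1307, S1308
        return media_key


def make_medium(capacity=4):
    """Constructed medium: KRB that renews K001 and K00 while excluding device 3."""
    k_t_001, k_t_00 = key_for("new", "001"), key_for("new", "00")
    media_key = key_for("media", "t")
    krb = {
        "0010": enc(key_for("old", "0010"), k_t_001),  # for device 2
        "001": enc(k_t_001, k_t_00),                   # needs the renewed K(t)001
        "000": enc(key_for("old", "000"), k_t_00),     # for devices 0 and 1
    }
    medium = {"krb": krb, "enc_media_key": enc(k_t_00, media_key),
              "media_key_table": {}, "table_capacity": capacity}
    return medium, media_key


if __name__ == "__main__":
    medium, _ = make_medium()
    d2 = Device("0010")
    d2.acquire_media_key(medium)
    print("first access, decryptions:", d2.decrypt_ops)   # KRB walk plus media key
    d2.decrypt_ops = 0
    d2.acquire_media_key(medium)
    print("second access, decryptions:", d2.decrypt_ops)  # table entry only
```

In a deeper tree the first access costs one decryption per renewed level plus one for the media key, while every later access by the same device costs one.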

[0143] In the above-described embodiments, the tables
used by respective recording and/or reproducing devices are
placed in the respective recording media, as explained
previously with reference to Fig. 12. As shown in Fig. 15,
in the present embodiment, media keys specific to the
respective recording media are stored in the respective
recording and/or reproducing devices, such as in a memory
180 in the recording and/or reproducing device 100 shown in
Fig. 1.

[0144] In storing the encrypted media keys in the memory
180 of the recording and/or reproducing device 100, such a
media key storage table is used, in which encrypted media
keys are associated with one another with the media key
generation information as the index. This takes into account
a case of storing the media keys for a plurality of
different generations of the media key.

[0145] Fig. 16 shows the flow for acquiring media keys
when the recording and/or reproducing device of the present
embodiment accesses the recording medium, that is, when the
recording medium is loaded on the recording and/or
reproducing device.

[0146] At step S1601, the recording and/or reproducing
device reads out the KRB generation (t in the instance of
Fig. 15) as an identification number of the media key from
the recording medium.

[0147] At step S1602, the recording and/or reproducing
device inspects whether or not the media key having the
generation equal to t is stored in the media key storage
table kept by the device itself. If such media key is not
stored in the media key storage table, the recording and/or
reproducing device proceeds to step S1603 and, if otherwise,
proceeds to step S1610.

[0148] The processing of steps S1603 to S1606 is similar
to that of S1301 to S1306 of Fig. 13, respectively, and
hence need not be described again in detail. By this
processing, the recording and/or reproducing equipment
acquires a media key. The thus calculated media key is used
for encryption and decryption at the time of recording and
reproduction.

[0149] At step S1607, the recording and/or reproducing
equipment checks whether or not there is any space for
storage of a new media key in its own media key storage
table. If there is any space, the recording and/or
reproducing equipment proceeds to step S1608. If there is no
space, the processing of steps S1608 and S1609 is skipped,
and processing then terminates.

[0150] At step S1608, as at step S1307 of Fig. 13, the
equipment encrypts the media key using its own leaf key. At
step S1609, the resulting cryptotext is stored in the media
key storage table along with the identification information
identifying the generation.

[0151] At step S1602, if the cryptotext corresponding to
the generation is found in the media key storage table, the
recording and/or reproducing equipment proceeds to step
S1610 to read out the cryptotext from the media key storage
table. At step S1611, as at S1310 of Fig. 13, the recording
and/or reproducing equipment decrypts the cryptotext using
its own leaf key, to acquire the media key of the recording
medium. This media key is used for data encryption and
decryption in recording and reproducing the data on or from
the recording medium.

[0152] In the above-described embodiment, the own leaf
key belonging to the recording and/or reproducing equipment
is used for encrypting the media key prior to storing it in
the media key storage table. However, if safe recording may
be made without the content of the media key storage table
becoming disclosed to devices other than the device which
records the media key in the media key storage table,
encryption is not mandatory. That is, it suffices if the
media key K(t)media obtained on decrypting the KRB is stored
directly, that is without encryption, together with the
generation as the index, as shown in Fig. 17. If, in this
case, the media key K(t)media is re-used, subsequent
decryption processing of the media key is unnecessary.

[0153] The above-described embodiments may also be
combined such that the media key storage table is owned by
both the recording medium and the recording and/or
reproducing equipment.

[0154] The above example has been explained in terms of
acquiring a media key through processing of a KRB. This
method, however, is not specific to the media key, and may,
of course, be applied to a master key, common to a plurality
of equipment pieces, or to a device key unique to an
individual equipment.

[0155] In the above instance, the expression "key renewal
block" (KRB) is used for describing data used in a method
for distributing the keys. It should however be apparent
from the foregoing description that use of the key renewal
block is not limited to key renewal but may be applied in
general to key distribution at large.

[0156] An embodiment has been described in which the
recording and/or reproducing equipment shown in Fig. 1
distributes keys to respective equipment, such as a content
key required for recording or reproducing data on or from
the recording medium. Meanwhile, the content key is a key
used for decrypting the encrypted content distributed over
the communication medium or through a recording medium. Fig.
18 shows the key distribution configuration in the recording
and/or reproducing equipment in the recording system
employing the present system. The numbers 0 to 15 shown at
the bottom row in Fig. 18 represent respective recording
and/or reproducing equipment. That is, the respective leaves
of the tree structure shown in Fig. 18 correspond to the
respective recording and/or reproducing devices.

[0157] In each of the respective devices 0 to 15, there
are stored, at the time of manufacture (shipment), the keys
(node keys) allocated to respective nodes from the device's
own leaf to the root in the preset initial tree. K0000 to
K1111 shown at the bottom row of Fig. 18 represent leaf
keys, allocated to the respective devices 0 to 15, with the
keys KR to K111 as from the topmost row KR to the second
node as from the bottom row being node keys.

[0158] In the tree structure shown in Fig. 18, the device
0, for example, owns the leaf key K0000 and the node keys
K000, K00, K0 and KR. The device 15 owns the leaf key K1111,
and node keys K111, K11, K1 and KR. Although only 16 devices
numbered 0 to 15 are shown in the tree of Fig. 4, with the
tree configuration being of well-balanced left-right
symmetrical structure in four rows, more devices may be
indicated in a tree, while the number of rows in the tree
structure may differ from that shown therein.

[0159] The recording and/or reproducing devices included
in the network having a tree structure shown in Fig. 18
include recording and/or reproducing devices of various
types which may employ a variety of different types of
recording media, such as DVD, CD, MD or Memory Stick
(trademark). Moreover, it may be assumed that a variety of
application services co-exist within the network. The key
distribution configuration shown in Fig. 18 is applied to
this assumed configuration of different co-existing
applications.

[0160] In the system where such varied devices and
applications co-exist, the portion surrounded by a dotted
line in Fig. 18, that is devices 0 to 3, is set as one group
employing one and the same recording medium. For the devices
in this group defined by the dotted line, processing
operations can be performed simultaneously, such as
encrypting common content to be forwarded from a provider,
forwarding of a commonly used master key, or outputting
payment data for a content fee in a similarly encrypted form
to a provider or to a settlement organization. The
organization responsible for data transmission and reception
to or from respective devices, such as the content providers
or settlement organizations, performs the forwarding of the
data in a lumped form for the group of devices 0 to 3 as
defined with the dotted line in Fig. 18. A plurality of such
groups exist in the network shown in Fig. 18.

[0161] It should be noted that the node and leaf keys may
be supervised in a concentrated fashion by a sole key
management center, or, alternatively, on a group basis by
the providers or settlement organizations transmitting or
receiving a variety of data to or from the respective
groups. In case the security of a key is compromised, the
node or leaf keys are renewed by the key management center,
provider or by the settlement organizations.

[0162] As may be seen from Fig. 18, the four devices 0 to
3 of one group own common keys K00, K0 and KR as node keys.
By exploiting this node key co-owning configuration, in one
example of operation, it becomes possible to furnish e.g.,
a common master key only to the devices 0 to 3. For example,
if the co-owned node key K00 itself is set as a master key,
a common master key can be set only for the devices 0 to 3
without executing new key forwarding operations. Moreover,
if a value Enc(K00, Kcontent), obtained on encrypting a new
content key Kcontent with a node key K00, is distributed
over the network or as it is stored on a recording medium,
only the devices 0 to 3 are able to decrypt the cipher
Enc(K00, Kcontent) to obtain the content key Kcontent. As
above, the notation "Enc(Ka, Kb)" indicates data obtained on
encrypting a key "Kb" with another key "Ka".

[0163] If it is revealed at a certain time point t that
the security of the keys owned by the device 3, that is keys
K0011, K001, K00, K0 and KR, were compromised, such as
through efforts of an aggressor (hacker), and are no longer
secure, the device 3 subsequently needs to be separated from
the "system" (the group of the devices 0 to 3) in order to
protect data transmitted or received in the system. To this
end, the node keys K001, K00, K0 and KR must be renewed to
new keys K(t)001, K(t)00, K(t)0 and K(t)R, respectively,
while these renewed keys must be transmitted to the devices
0, 1 and 2. Here, the notation "K(t)aaa" denotes that it is
a renewed key of a key "Kaaa" at a generation time t.

[0164] The processing of distributing a renewal key will
now be described. The renewal of a key is executed by
storing a table formed by block data which is referred to
herein as a key renewal block (KRB). Such KRB is shown for
example in Fig. 19A. In this processing method, the table is
stored initially at a point in a network or in a recording
medium and then sent to the devices 0 to 2.

[0165] The key renewal block (KRB), shown in Fig. 19A, is
formed as block data having a structure in which renewal is
possible only for the devices in need of renewal of node
keys. The block data shown in Fig. 19A are formed with a
view to distributing a renewal node key of the generation t
to the devices 0, 1 and 2 of the tree structure shown in
Fig. 18. As may be seen from Fig. 18, the devices 0 and 1
are in need of K(t)00, K(t)0 and K(t)R, as renewal node
keys, while the device 2 is in need of K(t)001, K(t)00,
K(t)0 and K(t)R, as renewal node keys.

[0166] As shown in the KRB of Fig. 19A, a plurality of
encrypted keys are contained in the KRB. The encrypted key
at the bottom row is Enc(K0010, K(t)001). This is a renewed
node key K(t)001, encrypted by the leaf key K0010 which is
owned by the device 2, so that the device 2 is able to
decrypt the encrypted key by the device's own leaf key to
obtain K(t)001. Moreover, using K(t)001, obtained on
decryption, the encrypted keys Enc(K(t)001, K(t)00) in the
second row from the bottom of Fig. 19A can be decrypted to
yield the renewed node key K(t)00. In a similar sequence,
the encrypted keys Enc(K(t)00, K(t)0) in the second row from
top of Fig. 19A can be decrypted to yield a renewed node key
K(t)0, while the encrypted keys Enc(K(t)0, K(t)R) in the
first row from top of Fig. 19A can be decrypted to yield
K(t)R. As for the devices 0 and 1, on the other hand, the
node key K000 is not to be renewed. It is only K(t)00, K(t)0
and K(t)R that are needed as renewal node keys. As for the
devices 0 and 1, the encrypted keys Enc(K000, K(t)00) in the
third row from the top of Fig. 19A are decrypted to obtain
K(t)00. Similarly, the encrypted keys Enc(K(t)00, K(t)0) in
the second row from top of Fig. 19A are decrypted to yield a
renewal node key K(t)0 and the encrypted keys Enc(K(t)0,
K(t)R) in the first row from top of Fig. 19A are decrypted
to yield K(t)R. In this manner, the devices 0 to 2 are able
to acquire the renewed keys K(t)R. Meanwhile, indices in
Fig. 19A denote absolute addresses used for decrypting keys.

[0167] If renewal of the node keys K(t)0 and K(t)R in the
uppermost row of the tree structure network shown in Fig. 18
is not needed and only the renewal of the node key K00 is
needed, the key renewal block (KRB) of Fig. 19B may be used
to distribute the renewal node key K(t)00 to the devices 0
to 2.

[0168] The KRB shown in Fig. 19B may be used in case a
content key co-owned by a specified group, a master key or a
media key unique to a recording medium is to be distributed.
As a specific instance, it is assumed that the devices 0 to
3 in the group shown by a dotted line in Fig. 18 need to be
supplied with the content encrypted using the content key,
along with the encrypted content key K(s)content, where s is
a content ID for identifying the content. At this time, data
Enc(K(t)00, K(s)content), obtained on encrypting a common
node key K(s)content using K(t)00, which is a renewed node
key K00 common to the devices 0 to 3, is distributed along
with the KRB shown in Fig. 19B. By this arrangement, it
becomes possible for a device from another group, such as
device 4, to distribute data without having to decrypt that
data prior to distributing it, such as to devices 0 to 3.
The same may be said of other keys, such as a media key.

[0169] That is, the devices 0 to 3 are able to decrypt the
distributed cryptotext, using K(t)00 obtained on processing
KRB, to obtain the content key K(s)content or the media key
K(t)media at a time point t.

[0170] If the content, such as music data, encrypted using
the content key, is furnished to the information recording
and/or reproducing equipment located at the respective
leaves of the tree structure network as in the
above-described key distribution configuration, the data
structure is as shown in Fig. 20.

[0171] As shown in Fig. 20, the data structure includes a
key distributing portion and a content data portion. The key
distributing portion has the above-described key renewal
block (KRB) and a content key K(s)content encrypted by a
renewal node key obtained by the processing of the key
renewal block (KRB). The content data portion has stored
therein content Enc(K(s)content, Content) as encrypted by
the content key K(s)content.

[0172] The information recording and/or reproducing
equipment able to acquire updated node keys by processing
the key renewal block (KRB) as described above can be set in
many ways. If the encrypted content is furnished according
to the arrangement shown in Fig. 20, it is possible to
provide the content that can be decrypted only by a
specified information processing device.

[0173] Fig. 21 illustrates an example of utilizing the
content with the content ID = s, encrypted by the content
key K(s)content, as described in commonly owned published
Japanese Patent Application JP2000-105329. In such example,
the device 2 processes the KRB with its leaf key K0010 to
acquire the content key K(s)content. Using the acquired key
K(s)content, the device 2 can then acquire the content from
the encrypted data Enc(K(s)content, content).

[0174] It is assumed that a certain recording and/or
reproducing system includes four devices 0 to 4 surrounded
by a dotted line, as shown in Fig. 18. Fig. 21 shows that
when the content key K(s) is used with the device 3 revoked,
the processing of data received by the recording and/or
reproducing device (device 2) includes finding the content
key K(s)content based on the key renewal block (KRB) stored
in a recording medium.

[0175] In the memory of the device 2, there are safely
stored the leaf key K0010 allocated to the device 2 itself
and node keys for nodes 001, 00, 0, R (K001, K00, K0 and
KR), from the leaf key K0010 to the key for the node at the
root of the tree. The device 2 decrypts the cryptotext
having the index of 0010 from the KRB stored in the
recording medium of Fig. 21 using its own leaf key K0010 to
calculate the node key K(t)001 of the node 001. Then, using
the thus calculated node key K(t)001, the device 2 decrypts
the cryptotext having the index of 001 to calculate the node
key K(t)00 of the node 00. Then, using that calculated node
key, the device 2 decrypts the cryptotext having the index
of 00 to calculate K(t)0 of the node 0. Finally, the device
2 decrypts the cryptotext having the index 0 to calculate
the node key K(t)R of the node R. Then, using the node key
K(t)R, the device 2 decrypts Enc(K(t)R, K(s)content) to
acquire the content key K(s)content with the content ID = 0.

[0176] Using the acquired content key K(s)content, the
encrypted content Enc(K(s), Content) stored in the content
data portion is decrypted to acquire the content.

[0177] The decryption processing of the encrypted content
becomes possible by executing all of these processing steps.
For the processing of acquiring the renewal node key by the
processing of the key renewal block (KRB) as described
above, it is necessary to repeat the similar decrypting
operations a number of times. The number of times of the
calculations needed for this KRB processing is increased
with increasing depth from the leaf to the node with the
encrypted content key. That is, the volume of calculations
is increased for a system including a large number of
recording and/or reproducing devices.

[0178] In reproducing the content in the information
recording and/or reproducing device, it is necessary to
calculate the content key by a plurality of decrypting
operations based on the KRB stored e.g., in the recording
medium. For example, if the content key is set as a key
different from one content to another, the aforementioned
KRB processing needs to be executed each time the content is
reproduced.

[0179] Fig. 22 shows an embodiment for handling the content
key of the recording and/or reproducing device of the
present invention for relieving the processing load. This
embodiment is similar to that shown in the processing of
Fig. 21 up to calculations of the content key by the
recording and/or reproducing device. In this embodiment, the
content key is encrypted using a key known only to the
particular device, that is, a key unique to the recording
and/or reproducing device. For example, the unique key may
be a leaf key assigned only to the particular device in the
tree structure. The encrypted content key is recorded in an
area provided at the outset therefor in a recording medium
along with the identification information of the recording
and/or reproducing device, such as, for example, the leaf
number assigned to the recording and/or reproducing device.
In the case of the device 2, as an example, as shown in
Fig. 22, the content key Enc(K0010, K(s)content), being
encrypted using the leaf key, is stored in the recording
medium in a content key storage table as a set with the
corresponding content.

[0180] By employing the storage configuration of the
content key storage table, described above, the content key
can be acquired solely by the simple decoding processing, in
case of re-using the content key acquired through multiple
stages of the KRB decryption processing, without the
necessity of executing the multiple stages of the decrypting
processing anew. That is, if the same recording and/or
reproducing device accesses the recording medium a second
time, a third time and so on, the content key can be
acquired by decrypting the cryptotext stored in the content
key storage table with the device's own unique key without
the necessity of executing voluminous calculations with the
KRB. Moreover, since the encrypted content key stored in the
device can be decrypted using only the leaf key unique to
the device, the encrypted content cannot be decrypted and
acquired in this form even if the recording medium is loaded
on any other device.

[0181] Fig. 23 shows the flow of the processing of loading
a recording medium on a recording and/or reproducing device,
acquiring the encrypted content key and encrypting and
reproducing the content for exploiting the content. Although
the following explanation is made in connection with
reproduction of content from a recording medium, the same
holds when the content is acquired from a communication
medium.

[0182] At step S701, the recording and/or reproducing
device reads out the content key storage table, recorded
along with the content recorded on the recording medium.

[0183] At step S702, the recording and/or reproducing
device checks the index part of the content key storage
table to see whether or not a leaf number has been allocated
to the device itself, that is, by checking whether or not
there is encrypted data stored in the device itself. If
there is no such data, program moves to step S703 and, if
otherwise, to step S710.

[0184] At step S703, the recording and/or reproducing
device reads out the key renewal block (KRB) from the
recording medium. At step S704, the recording and/or
reproducing device calculates the key of the node R in the
KRB having the identification number: content ID (denoted
"s" in Fig. 22) of the content about to be reproduced by the
device itself (root key K(t)R), using the KRB read out at
step S703, the leaf key the device itself holds in the
memory (K0010 in the device 2 of Fig. 18) and the node key
(K001, K00, ...) in the device of Fig. 18. Meanwhile, in the
present instance, the content key is furnished as it is
encrypted by the root key K(t)R. If the renewal node key
K(t)xx is set, such as through use of a node key which is
lower in order than the root key, the content key can be
encrypted using the renewal node key K(t)xx and a content
key is distributed that can be decrypted only by a specified
group of devices, such that the renewal node key can be
found on calculations.

[0185] At step S705, the encrypted value of the content key
K(s)content, that is, Enc(K(t)R, K(s)content) encrypted
using K(t)R, is read out.

[0186] At step S706, this cryptotext is decrypted using
K(t)R to calculate K(s)content. At step S707, the recording
and/or reproducing device checks whether or not there is
left any space in the content key storage table for the
content on the recording medium for recording by the device
itself. If there is any space left, the program moves to
step S708 and, if otherwise, the program skips the
processing at steps S708 and S709 to proceed to step S712.

[0187] At step S708, the device encrypts the content key
K(s)content, using the leaf key owned solely by the device
itself (K0010 in the case of the device 2 of Fig. 18) to
create a cryptotext.

[0188] At step S709, the cryptotext created at step S708
and the number of the leaf key (leaf number) which is to
become the identification information of the device itself
(0010 with the device 2 of Fig. 18) are written onto the
recording medium. The program then moves to step S712.

[0189] If, at step S702, the cryptotext stored in the
device itself is found in the content key storage table, the
program moves to step S710 where the recording and/or
reproducing device reads out the ciphertext from the
recording medium.

[0190] At step S711, the recording and/or reproducing
device decrypts the cryptotext using the device's own leaf
key to acquire the content key for the encrypted content.
The program then moves to step S712 where the recording
and/or reproducing device reads out the content data portion
from the recording medium to decrypt it with the content key
acquired at steps S706 or S711 in order to acquire decrypted
data which is to be used.

[0191] By so doing, it is possible to diminish the
processing of calculating the content key with KRB each time
the content is used.
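The KRB walk of paragraphs [0166] and [0175] and the content key storage table flow of Fig. 23 (steps S701 to S712), as an added example that is not code from the patent. The cipher behind `enc`/`dec`, the table capacity `TABLE_SLOTS`, the dictionary layout of the medium and all key values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher standing in for Enc(key, data); the page names no
# cipher. HMAC-SHA256 keystream plus an 8-byte tag. Illustration only.
def _stream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, b"ks" + nonce + bytes([ctr]), hashlib.sha256).digest()
    return out[:n]

def enc(key, data):
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:8]
    return nonce + ct + tag

def dec(key, blob):
    nonce, ct, tag = blob[:8], blob[8:-8], blob[-8:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key for this entry")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def make_device(leaf, old):
    """Keys a device stores: its leaf key and every node key up to the root."""
    labels = [leaf[:i] for i in range(1, len(leaf) + 1)] + ["R"]
    return {"leaf": leaf, "keys": {label: old[label] for label in labels}}

def build_fig19a_krb(old, new):
    """KRB of Fig. 19A, indexed by the node whose key encrypts the entry."""
    return {
        "0":    enc(new["0"],    new["R"]),    # Enc(K(t)0,   K(t)R)
        "00":   enc(new["00"],   new["0"]),    # Enc(K(t)00,  K(t)0)
        "000":  enc(old["000"],  new["00"]),   # Enc(K000,    K(t)00)
        "001":  enc(new["001"],  new["00"]),   # Enc(K(t)001, K(t)00)
        "0010": enc(old["0010"], new["001"]),  # Enc(K0010,   K(t)001)
    }

def process_krb(device, krb):
    """Walk leaf -> root, decrypting each KRB entry found on the path.
    Returns (K(t)R, number of decryptions)."""
    renewed, steps, label = {}, 0, device["leaf"]
    while label:
        if label in krb:
            # Use the renewed key for this node if one was just derived,
            # otherwise the key the device already stores.
            key = renewed.get(label, device["keys"][label])
            renewed[label[:-1] or "R"] = dec(key, krb[label])
            steps += 1
        label = label[:-1]
    return renewed["R"], steps

TABLE_SLOTS = 2  # assumed capacity of the content key storage table

def content_key(device, medium):
    """Fig. 23, S701 to S711. Returns (K(s)content, number of decryptions)."""
    table = medium["table"]                                  # S701
    leaf = device["leaf"]
    leaf_key = device["keys"][leaf]
    if leaf in table:                                        # S702
        return dec(leaf_key, table[leaf]), 1                 # S710, S711
    root, steps = process_krb(device, medium["krb"])         # S703, S704
    ck = dec(root, medium["enc_content_key"])                # S705, S706
    if len(table) < TABLE_SLOTS:                             # S707
        table[leaf] = enc(leaf_key, ck)                      # S708, S709
    return ck, steps + 1

def play(device, medium):
    ck, decryptions = content_key(device, medium)
    return dec(ck, medium["content"]), decryptions           # S712

def demo():
    labels = ["R", "0", "00", "000", "001", "0000", "0001", "0010", "0011"]
    old = {label: os.urandom(16) for label in labels}         # constructed keys
    new = {label: os.urandom(16) for label in ["R", "0", "00", "001"]}
    ck = os.urandom(16)
    medium = {"krb": build_fig19a_krb(old, new),
              "enc_content_key": enc(new["R"], ck),           # Enc(K(t)R, K(s)content)
              "content": enc(ck, b"constructed sample content"),
              "table": {}}
    dev2, dev0, dev3 = (make_device(leaf, old) for leaf in ("0010", "0000", "0011"))
    first = play(dev2, medium)     # full KRB walk, then the table entry is written
    second = play(dev2, medium)    # served from the content key storage table
    other = play(dev0, medium)     # devices 0 and 1 enter the KRB at index 000
    try:
        play(dev3, medium)         # revoked device 3 holds only the old K001
        revoked_blocked = False
    except ValueError:
        revoked_blocked = True
    return first, second, other, revoked_blocked

if __name__ == "__main__":
    print(demo())
```

The decryption counts returned by `play` make the saving of paragraph [0191] visible: the first access by device 2 costs the whole KRB chain plus the content key, later accesses cost a single leaf-key decryption.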

[0192] In recording the content on the recording medium as
shown in Fig. 20, the content transmitted or sent over the
communication medium or via the recording medium, that is,
the content data portion and the key distributing portion,
is simply recorded on the recording medium. At this time,
the processing of steps S701 to S709 is carried out in the
same way as the content reproduction processing of Fig. 23.
The processing flow in this case is shown in Fig. 24.

[0193] For recording the content of Fig. 24, the processing
similar to that executed at the time of reproducing the
content of Fig. 23 is executed. At step S801, the recording
and/or reproducing device reads out the content key storage
table as recorded on the recording medium.

[0194] At step S802, the recording and/or reproducing
device checks the index part of the content key storage
table to see whether or not a leaf number has been allocated
to the device itself, that is, by checking whether or not
there is encrypted data stored in the device itself. If
there is no such data, program moves to step S803 and, if
otherwise, to step S812.

[0195] At step S803, the recording and/or reproducing
device reads out the key renewal block (KRB) from the
recording medium. At step S804, the recording and/or
reproducing device calculates the key of the node R in the
KRB having the identification number: content ID (denoted
"s" in Fig. 22) of the content, using the KRB read out at
step S803, the leaf key the device itself holds in the
memory (K0010 in the device 2 of Fig. 18) and the node keys
(K001, K00, ...) in the device of Fig. 18, that is the root
key K(t)R.

[0196] At step S805, the encrypted value of the content key
K(s)content, that is, Enc(K(t)R, K(s)content) encrypted
using K(t)R, is read out.

[0197] At step S806, this cryptotext is decrypted, using
K(t)R, to calculate K(s)content. At step S807, the recording
and/or reproducing device checks whether or not there is any
space left for recording by the device itself in the content
key storage table for the content on the recording medium.
If there is any space left, the program moves to step S808.
If there is no space left, the program skips the processing
at steps S808 and S809 to proceed to step S812.

[0198] At step S808, the device encrypts the content key
K(s)content, using the leaf key owned solely by the device
itself (K0010 in the case of the device 2 of Fig. 18) to
create a cryptotext.

[0199] At step S809, the cryptotext created at step S808
and the number of the leaf key 0010 (in the case of the
device 2 of Fig. 18), which is to become the identification
information of the device itself, are recorded in the
content key storage table of the recording medium. The
program then moves to step S812.

[0200] If, at step S802, the cryptotext is found in the
content key storage table which was stored by the device
itself, the program moves to step S812 to skip S803 to S809.

[0201] At step S812, the content transmitted or sent over
the communication medium or via recording medium are
directly stored on the recording medium. That is, the
content data portion and the key distributing portion, being
encrypted with the content key K(s)content, are stored on
the recording medium. Although the content is stored last in
the present instance, the content is previously encrypted,
as shown in Fig. 20, so that the content may be recorded in
the recording medium before step S801, that is, the
recording of the content may be performed at any desired
time.

[0202] By encrypting the content key at the time of data
recording using a key unique to the device itself, for
example, the leaf key, subsequent processing by the
recording and/or reproducing equipment to calculate the
content key using the KRB can be decreased appreciably.

[0203] In the above-described embodiments, the tables used
by respective recording and/or reproducing devices are
placed along with the content in the respective recording
media, as explained in Fig. 22. In the present embodiment,
as shown in Fig. 25, the content keys are stored in the
respective recording and/or reproducing devices, such as in
a memory 180 of a recording and/or reproducing device 100
shown in Fig. 1.

[0204] In storing the encrypted media keys in the memory
180 of the recording and/or reproducing device 100, such a
key storage table is used in which encrypted media keys are
associated with one another, and in which the media key
generation information functions as the index. This takes
into account the case of storing the content keys of several
different content IDs.

[0205] Fig. 26 is a diagram illustrating a processing flow
for decrypting and reproducing encrypted content in an
example in which the recording and/or reproducing device of
the present embodiment uses the content, with the recording
medium that stores the encrypted content then being loaded
on the recording and/or reproducing device, on the same
premises as the above-described embodiments.

[0206] At step S1001, the recording and/or reproducing
device reads out the content ID (being denoted "s" in the
instance of Fig. 25) from the recording medium as an
identification number of the content the device undertakes
to reproduce.

[0207] At step S1002, the recording and/or reproducing
device inspects whether or not the content key having the
content ID equal to is stored in the content key storage
table held by the device itself. If such media key is not
stored, the recording and/or reproducing device proceeds to
step S1003. If such media key is stored, the device proceeds
to step S1010.

[0208] The processing of steps S1003 to S1006 is similar to
that of S703 to S706 of Fig. 23, respectively, and hence
need not be described in detail. By this processing, the
recording and/or reproducing equipment acquires the content
key.

[0209] At step S1007, the recording and/or reproducing
equipment checks whether or not there is any space available
for storage of a new content key in the content storage
table of its own recording means. If there is any space, the
recording and/or reproducing equipment proceeds to step
S1008. If no space is available, the equipment skips the
processing of steps S1008 and S1009.

[0210] At step S1008, as at step S708 of Fig. 23, the
equipment encrypts the content key using its own leaf key.
At step S1009, the resulting cryptotext is stored in the
content key storage table along with the content ID as the
identification information. The program then moves to step
S1012.

[0211] If the cryptotext corresponding to the content ID
is found at step S1002 in the content key storage table, the
recording and/or reproducing device proceeds to step S1010
to read out the cryptotext from the content key storage
table. At step S1011, as at step S711 of Fig. 23, the
recording and/or reproducing equipment decrypts the
cryptotext using its own leaf key to acquire the content key
for the content. The recording and/or reproducing device
then proceeds to step S1012.

[0212] At step S1012, as at step S712 of Fig. 23, the
recording and/or reproducing device reads out the content
data portion from the recording medium and proceeds to
decrypt the encrypted content using the content key obtained
at steps S1006 or S1011. From this processing, the device
obtains unencrypted content data, such as music data.

[0213] In the above-described embodiment, the recording
and/or reproducing device's own leaf key is used for
encryption in storing the content key in the content key
storage table. However, if safe recording may be made
without the security of the content of the content key
storage table becoming compromised and possibly disclosed to
unauthorized devices, encryption is not mandatory. Although
in the above example, the content key encrypted using the
device's own leaf key is stored in the content key storage
table, in exploiting the content, the content key may be
used in storing the content on the recording medium and the
content key used for encryption may be stored in the content
key storage table, as described above.

[0214] The above-described embodiments may also be combined
such that the content key storage table is owned by both the
recording medium and the recording and/or reproducing
equipment.

[0215] In the above example, the term "key renewal block
(KRB)" is used to denote data used for distributing the key.
However, it should be apparent from the foregoing
description that the key renewal block is not limited to key
renewal but may be applied to key distribution in general.

[0216] For protecting the benefit of a content copyright
owner, for example, it is necessary for the licensed device
to control the copying of the content.

[0217] In recording the content on the recording medium,
it is necessary to check whether or not the copying of the
content is allowed (copying enabled) so that the content
allowed to be copied can be recorded. If the content
recorded on a recording medium is to be reproduced and
output, it is also necessary to prevent subsequent illicit
copying.

[0218] With reference to Figs. 27A, 27B, 28A and 28B, the
processing of the recording and/or reproducing device of
Fig. 1 will be described for an example in which the copying
of the content is controlled.

[0219] First, the recording processing as shown in the
flowchart of Fig. 27A is carried out for recording the
content of incoming digital signals. Here, the recording
and/or reproducing unit 100 of Fig. 1 is taken as an
example. If the content of the digital signals (digital
content) is sent over e.g., a 1394 serial bus to the
input/output I/F 120, the input/output I/F 120 at step S1801
receives the digital content. The program then moves to step
S1802.

[0220] At step S1802, the input/output I/F 120 checks
whether or not the received digital content is allowed to be
copied. If the content received by the input/output I/F 120
is not in encrypted form, for example, if plaintext
(unencrypted) content not employing the aforementioned DTCP
is supplied to the input/output I/F 120, the content is
verified as allowing copying.

[0221] It is also assumed that the recording and/or
reproducing device conforms to DTCP and executes processing
in accordance with the DTCP. The DTCP provides 2-bit EMI
(encryption media indicator) as the information for
controlling the copying. When the EMI has a value of 00B,
this indicates that the content can be copied freely
(Copy-freely), whereas when the EMI has a value of 01B, this
denotes that the content does not allow any further copying
(No-more-copies). When the EMI has a value of 10B, this
indicates that the content may be copied only once
(Copy-one-generation). When the EMI has a value of 11B, this
denotes that the copying is not allowed at all (Copy-never).

[0222] If EMI included in the signal supplied to the
input/output I/F 120 of the recording and/or reproducing
device 100 has a value of Copy-freely or
Copy-one-generation, the content is verified to be allowed
for copying. If the EMI has a value of No-more-copies or
Copy-never, the content is verified to not allow copying.

[0223] If the content is found at step S1802 to not allow
copying, the steps S1803 to S1804 are skipped to terminate
the recording. Thus, in this case, no content is recorded on
the recording medium.

[0224] If the content is found at step S1802 to allow
copying, the program moves to step S1803 such that the
processing similar to that at steps S202, S203 in Fig. 2A is
carried out at steps S1803 and S1804. That is, the
encryption processing in the encryption processing means 150
is executed, and the resulting encrypted content is recorded
on the recording medium 195 to terminate the recording
processing.

[0225] Meanwhile, the EMI contained in the digital signals
is supplied to the input/output I/F 120, such that when the
digital content is recorded, the EMI and any other
information denoting the copy controlling state, such as
embedded CCI in DTCP, are also recorded along with the
digital content.

[0226] As a general rule, during recording, when the EMI
has a value of Copy-one-generation, the value is changed to
No-more-copies in order to prevent further copying.

[0227] In recording the content of incoming analog signals,
recording processing is performed in accordance with the
flowchart of Fig. 27B. The processing of Fig. 27B is now
explained. When the content of analog signals (analog
content) are fed to the input/output I/F 140, the
input/output I/F 140 at step S1811 receives the analog
content and proceeds to step S1812 to verify whether or not
the thus received analog content is allowed to be copied.

[0228] The check at step S1812 is performed based on
whether or not a macro-vision signal or a CGMS-A (Copy
Generation Management System-Analog) signal is included in
the signal received by the input/output I/F 140. The
macro-vision signal is such a signal that becomes noise on
recording on a video cassette tape of the VHS system. If
this signal is contained in the signal received by the
input/output I/F 140, the analog content is verified as
being unable to be copied.

[0229] Moreover, the CGMS-A signal denotes the CGMS signal
used in controlling copying of the digital signals, which is
also applied to control the copying of the analog signals.
The CGMS-A signal indicates whether the content is
Copy-freely, Copy-one-generation or Copy-never.

[0230] Thus, if the CGMS-A signal is included in the signal
received by an input/output I/F 140, and the CGMS-A signal
denotes Copy-freely or Copy-one-generation, the analog
content is verified as allowed to be copied. If the CGMS-A
signal denotes Copy-never, the analog signals are verified
to be not allowed to be copied.

[0231] If neither macro-vision signal nor CGMS-A signal is
contained in the signal received by the input/output I/F
140, the analog signals are verified to be allowed to be
copied.

[0232] If the analog signals are determined at step S1812
as not allowed to be copied, the steps S1823 to S1816 are
skipped to terminate the recording processing. Thus, in this
case, no content is recorded on the recording medium 195.

[0233] If it is verified at step S1812 that the analog
content is not allowed to be copied, the program moves to
step S1813. In the steps S1813 to S1816, the processing
similar to that at steps S222 to S225 in Fig. 2B is
performed, whereby the content is converted into digital
data, MPEG encoded, decrypted and recorded on the recording
medium to complete the recording processing.

[0234] In an example in which the CGMS-A signals are
included in the analog signals received by the input/output
I/F 140, and the analog content is to be recorded on the
recording medium, the CGMS-A signals are also recorded on
the recording medium. In this case, the information
representing Copy-one-generation is converted into the
denotation No-more-copies, in order to prohibit further
copying, and is then recorded in that form. This, however,
is not valid if a rule is adopted in a system which states:
"The Copy-one-generation copy control information is
recorded without conversion to No-more-copies, but is
handled as No-more-copies".

[0235] If the content recorded on a recording medium is
reproduced and output as digital content to outside, the
reproducing processing is performed in accordance with the
flowchart of Fig. 28A. The processing in accordance with
Fig. 28A is now explained. First, at steps S1901 and S1902,
the processing similar to that at steps S301 and S302 of
Fig. 3A is carried out, whereby the encrypted content read
out from the recording medium is decoded by the encryption
processing means 150 so that the decrypted digital content
is sent over the bus 110 to the input/output I/F 120.

[0236] The input/output I/F 120 at step S1903 checks
whether or not the digital content supplied thereto is
allowed for subsequent copying. That is, for example, when
the EMI, or other information indicating the copying
controlling state (copying controlling information), is not
contained in the digital content sent to the input/output
I/F 120, the content is determined to be allowed for
subsequent copying.

[0237] If the copying controlling information, such as
EMI, is contained in the digital content supplied to the
input/output I/F 120, that is if EMI is recorded in
accordance with the DTCP standard during content recording,
and the EMI (recorded EMI) state is "Copy-freely", the
content is determined to be allowed for subsequent copying.
If the EMI is No-more-copies, the content is determined not
to be allowed for subsequent copying.

[0238] Usually, the copy controlling information, such as
EMI, is not recorded with the value "Copy-one-generation" or
"Copy-never". The reason is that the EMI of the
Copy-one-generation is converted during recording into
No-more-copies, whilst the digital content having the EMI of
Copy-never is not recorded on the recording medium. However,
this is not valid if a rule is adopted in a system which
states: "The 'Copy-one-generation' copy control information
is recorded without conversion to 'No-more-copies', but is
handled as 'No-more-copies'".

[0239] If, at step S1903, the content is determined to be
allowed for copying subsequently, the program moves to step
S1904 where the input/output I/F 120 outputs the digital
content externally to terminate the reproducing processing.

[0240] If, at step S1903, the content is found to be
allowed for subsequent copying, the program moves to step
S1905 where the input/output I/F 120 outputs the digital
content externally in accordance with the DTCP standard in
such a form as to prohibit its subsequent copying, to
terminate the reproducing processing.

[0241] That is, if, for example, the copy controlling
information, such as recorded EMI, has a value of
"No-more-copies", or if in a given system, there is set a
default rule stating that "the 'Copy-one-generation' copy
controlling information is recorded without conversion to
'No-more-copies' but is treated as 'No-more-copies'" and the
EMI recorded under this condition is "Copy-one-generation",
the content is not allowed for further copying.

[0242] In this way, the input/output I/F 120 effects
reciprocal authentication with respect to counterpart
devices, in accordance with the DTCP standards. If the
counterpart is an authentic device, herein the device
conforming to the DTCP standard, the digital content is
encrypted and output in this form to outside.

[0243] If the content recorded on the recording medium is
reproduced and output to outside as analog content, the
reproduction processing is performed in accordance with the
flowchart of Fig. 28B. The processing according to Fig. 28B
is now explained. In steps S1911 to S1914, the processing
similar to that at steps S321 to S324 is performed. That is,
the readout, decryption, MPEG decoding and D/A conversion of
the encrypted content are carried out. The resulting analog
content is received by the input/output I/F 140.

[0244] At step S1915, the input/output I/F 140 verifies
whether or not the content supplied thereto is enabled for
subsequent copying. For example, if the copy controlling
information, such as EMI, is not found recorded in the
recorded content, the content is determined to be enabled
for copying subsequently.

[0245] If the copying controlling information, such as
EMI, is recorded during recording of the content in
accordance with, for example, the DTCP standard, and the
value is "Copy-freely", the content is determined to be
enabled for further copying.

[0246] On the other hand, if, for example, the copying
controlling information, such as recorded EMI, has a value
of "No-more-copies", or if, in a given system, there is a
default rule stating that "the 'Copy-one-generation' copy
controlling information is recorded without conversion to
'No-more-copies' but is treated as 'No-more-copies'" and the
EMI recorded under this condition is "Copy-one-generation",
the analog content is determined to be not allowed for
further copying.

[0247] For example, if the CGMS-A signals are contained
in the analog content supplied to the input/output I/F 140,
such that, during the recording of the content, the CGMS-A
signals are recorded along with the content, and the CGMS-A
signals have the value "Copy-freely", the analog signals are
determined to be enabled for subsequent copying. However, if
the CGMS-A signals have the value "Copy-never", the analog
content is determined to not allow subsequent copying.

[0248] If, at step S1915, the content is determined to be
enabled for subsequent copying, the program moves to step
S1916 where the input/output I/F 140 directly outputs the
analog signals supplied thereto, and terminates the
reproduction processing.

[0249] On the other hand, if, at step S1915, the content
is determined to not be enabled for subsequent copying, the
program moves to step S1917 where the input/output I/F 140
outputs the analog content in a manner not allowing for
subsequent copying, and terminates the reproduction
processing.

[0250] That is, the content is not allowed to be
subsequently copied when, for example, the copying
controlling information, such as recorded EMI, has the
value "No-more-copies", or if, in a given system, there is
set a default rule stating that "the 'Copy-one-generation'
copy controlling information is recorded without conversion
to 'No-more-copies' but is treated as 'No-more-copies'" and
the copy controlling information, such as EMI, recorded
under this condition has a value "Copy-one-generation".

[0251] In such case, the input/output I/F 140 appends
e.g., macro-vision signals or CGMS-A signals indicating
"Copy-never" to the analog signals to output the resulting
signals externally. If the CGMS-A signals recorded indicate
"Copy-never", the content is not allowed to be further
copied. Then, the input/output I/F 4 outputs the content
externally, along with the analog content, after converting
the CGMS-A signals to "Copy-never".

[0252] By recording or reproducing the content as the
content is controlled for copying, as described above, it is
possible to prevent the copying outside the range allowed
for the content (i.e., to prevent illicit copying).
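
The recording and reproduction rules of paragraphs [0230] to [0251], written out as a small state model. This is an added example, not code from the specification; the function names and the convert_on_record flag are hypothetical, and refusing to record an input already marked No-more-copies is this example's assumption.

```python
from enum import Enum
from typing import Optional

class CCI(Enum):
    """Copy control states named in the text (EMI / CGMS-A values)."""
    COPY_FREELY = "Copy-freely"
    COPY_ONE_GENERATION = "Copy-one-generation"
    NO_MORE_COPIES = "No-more-copies"
    COPY_NEVER = "Copy-never"

def cci_to_store(incoming: Optional[CCI], convert_on_record: bool = True) -> Optional[CCI]:
    """Recording side: CCI to write with the content; PermissionError if refused.

    convert_on_record=False models the alternative system rule: store
    Copy-one-generation unconverted and only handle it as No-more-copies.
    """
    if incoming is None:
        return None  # no EMI/CGMS-A on the input: allowed, nothing to store
    if incoming in (CCI.COPY_NEVER, CCI.NO_MORE_COPIES):
        # No-more-copies refusal is an assumption of this example
        raise PermissionError(f"{incoming.value}: recording refused")
    if incoming is CCI.COPY_ONE_GENERATION and convert_on_record:
        return CCI.NO_MORE_COPIES  # this recording is the one permitted generation
    return incoming

def may_copy_after_playback(recorded: Optional[CCI]) -> bool:
    """Reproduction side (steps S1903 / S1915): may the output be copied again?

    Only absent CCI or Copy-freely permits it. Copy-one-generation found on
    the medium is handled as No-more-copies under either rule (fail closed).
    """
    return recorded is None or recorded is CCI.COPY_FREELY

def analog_output_marking(recorded: Optional[CCI]) -> Optional[CCI]:
    """CGMS-A value carried on the analog output (step S1916 vs S1917)."""
    if may_copy_after_playback(recorded):
        return recorded      # signals output directly, unchanged
    return CCI.COPY_NEVER    # appended so a downstream recorder refuses

def simulate_generations(source: Optional[CCI], convert_on_record: bool = True) -> int:
    """Count successive analog re-recordings that succeed (capped at 5)."""
    cci, copies = source, 0
    while copies < 5:
        try:
            stored = cci_to_store(cci, convert_on_record)
        except PermissionError:
            break
        copies += 1
        cci = analog_output_marking(stored)
    return copies
```

Both system rules give exactly one generation for Copy-one-generation input; they differ only in the value that sits on the medium.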

[0253] The above-described sequence of operations may be
performed not only by hardware but also by software. For
example, although the encryption processing means 150 may be
arranged as encrypting/decrypting LSI, it may also be
arranged by a configuration in which the program is executed
by a general-purpose computer or a one-chip micro-computer.
If this sequence of processing operations is executed by
software, the program forming the software is installed on a
general-purpose computer or a one-chip micro-computer. Fig.
29 shows an illustrative structure of an embodiment of a
computer on which the program is installed for executing the
above-described sequence of operations.

[0254] The program may be pre-recorded on the hard disc
2005 or on the ROM 2003 as a recording medium built into a
computer. Alternatively, the program may be temporarily or
permanently stored (recorded) in a removable recording
medium, such as a floppy disc, CD-ROM (compact disc read
only memory), MO (magneto optical) disc, DVD (digital
versatile disc), a magnetic disc or on a semiconductor
memory. Such removable recording medium 2010 may also be
furnished as a so-called package software.

[0255] Meanwhile, the program may be installed on a
computer from the above-mentioned removable recording medium
2010, transmitted over a radio path to the computer from a
downloading site via an artificial satellite for digital
satellite broadcasting, or transmitted to the computer over
a cable through the networks, such as Internet. The computer
is able to receive the transmitted program by a
communication unit 2008 to install the program on a built-in
hard disc 2005.

[0256] The computer has a built-in CPU (central
processing unit), to which CPU 2002 an input/output
interface 2011 is connected over a bus 2002. If a command is
input over input/output interface 2011 by a user acting on
the input unit 2007, such as a keyboard or a mouse, the
program stored in the ROM (read-only memory) 2003 is
executed accordingly.

[0257] Alternatively, the CPU 2002 loads a program
stored in the hard disc 2005, a program transmitted from a
satellite or through a network, received by a communication
unit 2008 and installed on the hard disc 2005, or a program
read out from the removable recording medium 2110, loaded on
a drive 2009 so as to be installed on the hard disc 2005,
and loaded into the RAM (random access memory) 2004, for
execution.

[0258] Thus, the CPU 2002 performs the processing
conforming to the above-described flowchart, or in
accordance with the configuration of the block diagram
described above. The CPU 2002 outputs the processed results
via e.g., input/output interface 2011 from an output unit
2006 formed e.g., by an LCD (liquid crystal display) or a
loudspeaker, for transmission from the communication unit
2008 or recording on the hard disc 2005.

[0259] It should be noted that, in the present 
specification, the processing steps stating the program 
designed for the computer to carry out a variety of 
processing operations are not necessarily processed 
chronologically in a sequence stated in the flowchart, but 
the processing also may include processing carried out in 
parallel or batch-wise, such as parallel processing or 
processing by an object. 

[0260] The program may be processed by one computer or by
a plurality of computers in a distributed fashion. The
program may also be transferred to and executed by a remote
computer.

[0261] In the present embodiment, the description has
been made mainly for an example in which the block for
encrypting/decrypting the content is formed by a one-chip
encrypting/decrypting LSI. However, the content
encrypting/decrypting block may also be realized by one
software module executed by the CPU 170 shown in Fig. 1.

[0262] The present invention has so far been elucidated
with reference to certain preferred embodiments. However,
it is apparent that the present invention can be modified by
the skilled artisan by correction or substitution of the
embodiments without departing from the true scope and spirit
of the invention. That is, the present invention has been
disclosed by way of illustration. Hence the scope of the
present invention should be defined in light of the claims
and not limited by the embodiments which are set forth
herein by way of example.
Industrial Applicability 

[0263] With the information recording and/or reproducing
device according to the present invention, described above,
in which, by the key distributing configuration of the tree 
structure, renewal data of a content cipher key, such as a 
media key, is transmitted along with the renewal block 
(KRB) , and in which, after the recording and/or reproducing 
device has acquired the media key of a certain recording 
medium by calculations, the media key so acquired is 
encrypted using a cipher key unique to the recording and/or 
reproducing device, such as a leaf key, for storage in a 
recording medium or in a memory of the recording and/or 
reproducing device, the media key can be calculated on 
decrypting the encrypted key only once when the recording 
and/or reproducing device next uses the recording medium. 
Thus, it is possible to diminish the volume of calculations, 
such as those involved in the KRB decrypting processing 
operations, which otherwise become necessary when the 
recording and/or reproducing device accesses the recording 
medium. 

[0264] By the key distributing configuration of the tree
structure, the content key as the content cipher key is
transmitted along with the key renewal block (KRB) and,
after the recording and/or reproducing device has acquired a
content key of certain content on calculations, the so
acquired content key is encrypted, using the cipher key
proper to the recording and/or reproducing device, to form a
cryptotext, which is then stored on a recording medium or in
a memory of the recording and/or reproducing device. Thus,
the content key can be calculated on decrypting the
cryptotext only once when the recording and/or reproducing
device next uses the content. The result is the reduced
processing volume such as KRB decrypting processing needed
each time the recording and/or reproducing device uses the
content.
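
The saving described in [0263] and [0264], as an added example that is not part of the specification: a device walks the KRB once, stores the resulting key encrypted under its leaf key, and needs a single decryption on later use. The chained KRB layout, the Recorder class and the XOR stand-in cipher are assumptions made so that decryptions can be counted.

```python
import hashlib
import os

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the device's cipher: XOR with a SHA-256 pad.
    Self-inverse and NOT secure; it only makes decryptions countable."""
    pad = hashlib.sha256(key).digest()
    return bytes(d ^ p for d, p in zip(data, pad))

def build_krb(leaf_key: bytes, depth: int, media_key: bytes) -> list:
    """Constructed KRB for one device (assumed layout): each entry is the
    next key on the leaf-to-root path encrypted under the previous one,
    and the last entry carries the media key."""
    path = [leaf_key] + [os.urandom(16) for _ in range(depth)] + [media_key]
    return [toy_cipher(path[i], path[i + 1]) for i in range(len(path) - 1)]

class Recorder:
    def __init__(self, leaf_key: bytes):
        self.leaf_key = leaf_key
        self.decryptions = 0
        self.stored = {}  # medium id -> media key encrypted under the leaf key

    def _decrypt(self, key: bytes, blob: bytes) -> bytes:
        self.decryptions += 1
        return toy_cipher(key, blob)

    def media_key(self, medium_id: str, krb: list) -> bytes:
        if medium_id in self.stored:
            # Later use: one decryption of the stored cryptotext
            return self._decrypt(self.leaf_key, self.stored[medium_id])
        key = self.leaf_key
        for entry in krb:  # first use: full KRB processing
            key = self._decrypt(key, entry)
        # Only the encrypted form is kept, never the plaintext key
        self.stored[medium_id] = toy_cipher(self.leaf_key, key)
        return key

def demo(depth: int = 4):
    leaf, media = os.urandom(16), os.urandom(16)
    krb = build_krb(leaf, depth, media)
    dev = Recorder(leaf)
    first = dev.media_key("disc-1", krb)
    cost_first = dev.decryptions
    second = dev.media_key("disc-1", krb)
    cost_second = dev.decryptions - cost_first
    return first == media, second == media, cost_first, cost_second
```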